locked
Session data still available after session timeout RRS feed

  • Question

  • User1056831142 posted

    I set session timeout to 1 minute. But after a couple of minutes with no action, the code can still get the user ID stored in session variable when a button is clicked on the web from.

    Any idea why?

    James

    Thursday, November 26, 2015 7:39 PM

All replies

  • User753101303 posted

    Hi,

    How do you initialize that? You could just have some logic that restore again the same value when the next session starts.

    I would show SessionID and the session start full date time (initialized iin the Session_Start event). It should allow to make 100% sure if this is the same session or not by showing at least a value that is expected to change.

    Thursday, November 26, 2015 8:11 PM
  • User-2057865890 posted

    Hi,James

    You could check if session = null and do a Response.Redirect("Home.aspx");

    if(Session["UserId"] == null)
        Response.Redirect("Home.aspx");

    Best regards,
    Chris Zhao

    Friday, November 27, 2015 6:50 AM
  • User1056831142 posted

    That's exactly what I did.

    After a couple of minutes, Session["UserId"] is still not null, even though in Web.config the session timeout is set to 1 minute.

    James

    Monday, November 30, 2015 1:11 PM
  • User753101303 posted

    But when do you initialize this session variable? Could it be that you initialized this session variable for another session?

    This is why I suggested earlier to show the SessionID and the start date/time for the session. it would allow to make 100% sure if this is the same session or if this is another session.

    Monday, November 30, 2015 1:26 PM