In my asp.net mvc where to put code to expire browser session when server session expires. Can I use any action attribute? Which should be the best?
+1
A:
EDIT
Based on your comment, I would suggest handling this via a custom base controller that all of your other controllers would derive from. Have the custom base controller override OnActionExecuting and check for an expired state. If the state is expired, remove the authentication cookie from the response (FormsAuthentication.SignOut) and set the Result property on the ActionExecutingContext parameter to HttpUnauthorizedResult. Alternatively, you could simply redirect to a Logout action.
You should also make sure that your session timeout and the forms authentication cookie timeout are the same.
Original answer left for context
I'm not sure exactly what you're asking. When the server session expires, the authentication ticket in the cookie is no longer valid. Any action that requires authorization (which minimally requires authentication) should get back an HttpUnauthorizedResult, which by default redirects to the Forms logon page.
Are you asking how to expire the session on the client-side so that the client does something even in the absence of a request? If so, you might be interested in how I handle this via javascript/ajax. See my blog post on client-side session termination at http://farm-fresh-code.blogspot.com.
tvanfosson
2009-07-04 15:01:29
In this case session on session state service expires so client cookie is still valid that i need to expire
mamu
2009-07-04 15:24:39
I've updated my response based on your comment.
tvanfosson
2009-07-04 15:31:20
A:
I think you want to clear browser history after user sign out.
Hemant Kothiyal
2009-07-04 15:25:05