tags:

views:

221

answers:

7
+2  Q: 

session expiring and throwing exception

I have a problem with session expiry. Firstly it expires every 20 minutes and it throws an error...

I tried to fix it by:

if (Session["userName"].ToString() == null)
{
   Session.RemoveAll();
   Response.Redirect("~/Login.aspx?sessionError=" + "*Session Expired on pageload PleaseLog in again");
}

But I get the following error:

Object reference not set to an instance of an object.

My stack trace is:

[NullReferenceException: Object reference not set to an instance of an object.] copiunGUI.Site1.checksession() in C:\Users\jagmit\Documents\Visual Studio 2008\Projects\copiunGUI\copiunGUI\Site1.Master.cs:224 copiunGUI.Site1.TreeViewMain_Unload(Object sender, EventArgs e) in C:\Users\jagmit\Documents\Visual Studio 2008\Projects\copiunGUI\copiunGUI\Site1.Master.cs:210 System.Web.UI.Control.OnUnload(EventArgs e) +8681754 System.Web.UI.Control.UnloadRecursive(Boolean dispose) +252 System.Web.UI.Control.UnloadRecursive(Boolean dispose) +188 System.Web.UI.Control.UnloadRecursive(Boolean dispose) +188 System.Web.UI.Control.UnloadRecursive(Boolean dispose) +188 System.Web.UI.Control.UnloadRecursive(Boolean dispose) +188 System.Web.UI.Page.UnloadRecursive(Boolean dispose) +23 System.Web.UI.Page.ProcessRequestCleanup() +43

My web.config is:

<authentication mode="Forms">
    <forms loginUrl="Login.aspx" defaultUrl="~/Default.aspx" name="Cookie" timeout="10080" path="/">
    </forms>
</authentication>
<authorization>
    <deny users="?"/>
    <allow users="*"/>
</authorization>

Please help.......

Thanks

Thanks for ur input guys...

I tried this:

if (Session["userName"] == null)
{
   Session.RemoveAll();
   Response.Redirect("~/Login.aspx?sessionError=" + "*Session Expired on pageload PleaseLog in again");
}

But i get the error:

Response is not available in this context.

+7  A: 

The problem is here:

if (Session["userName"].ToString() == null)

When Session["UserName"] is a null object reference, you can't rightly call .ToString() on it.

Try this instead...

if (Session["userName"] == null)...
JohnFx  2009-12-07 23:05:27
i did this but then when redirecting i get Response is not available in this context.
 2009-12-07 23:37:33
Try Server.Transfer() instead of Response.Redirect() and see if you have better luck with that.
JohnFx  2009-12-08 00:20:49
+2  A: 

You shouldn't call .ToString() on a reference to a session object that might be null (because of expiration)

see below:

if (String.IsNullOrEmpty(Session["userName"]))
    {
        Session.RemoveAll();
        Response.Redirect("~/Login.aspx?sessionError=" + "*Session Expired on pageload PleaseLog in again");
    }
Jon Schoning  2009-12-07 23:05:54
A: 

Try setting it to the max value 525601, see if you still have the same issues. If you do I suspect it isnt a session issue.

Mick Walker  2009-12-07 23:07:59
+1  A: 

Fixing the error.

String.IsNullOrEmpty(Session["userName"])

A bit more information. If a user is away from his computer or doesn't hit your server every 20 minutes their Session will expire. This is the default. You could use client side javascript to ping your server every 15 minutes so that it doesn't loose the session while the browser is open. You could also increase your Session Timeout.

runxc1 Bret Ferrier  2009-12-07 23:11:01
A: 

Someone just fixed the timeout issue on my QA server. It happens because of default IIS setting of 20 minutes which overrides the web.config setting. Check out the following link to fix the problem.

How to change idle timeout settings.

For the other problem you use String.IsNullOrEmpty on Session["userName"]

This explains why the above setting affects your session timeout

ps  2009-12-07 23:14:51
+1  A: 

If you are doing this in the context of your page your code should be:

if (Session["userName"] == null)
{
     Session.Abandon();
     Response.Redirect("~/Login.aspx?sessionError=" + "*Session Expired on pageload PleaseLog in again", true);
}

You need to check for null on your Session key before you can do an operation on it. This is why you are getting the exception. Make sure you also have the true on the end of the Response.Redirect to ensure that your response ends immediately. Lastly, note the Session.Abandon(); which is probably more useful to you than then RemoveAll you are currently using.

As for you other comment about the Response object not being available, it should be unless you are doing this in like a class outside of your page context. If you this shouldn't compile anyways.

Kelsey  2009-12-07 23:47:54
could u tell me what to do with the error -->Response is not available in this context.
 2009-12-08 00:07:06
i have a tree view class...
 2009-12-08 00:28:18
and this sessioncheck happens on treeview Unload event... please help
 2009-12-08 00:28:54
Why do you need to clear or check the session on the `Unload` event?
Kelsey  2009-12-08 00:36:02
You really should consider the design if a control is trying to do page level redirecting. It seems like an odd thing to do. You really should be notifying your page that something is wrong and have the page itself control what happens due to this condition.
Kelsey  2009-12-08 00:38:00
because of the impersonation issue... if i dont put it there it throws an error after session expires... and that is the first place it checks if session is present.....
 2009-12-08 00:38:48
is there a way to just simply redirect to the login page if this exception occurs
 2009-12-08 00:39:58
A: 

You are seeing the error "Response is not available in this context" because you are calling it too late in the page lifecycle.

The TreeView's Unload Event is called:

when the server control is unloaded from memory.

This occurs after the page has been rendered to the client - so there's no way you can issue a response redirect, or even a Server.Transfer from there.

As Kelsey commented, you really should try and refactor your design a bit - perhaps performing this check earlier (say PageLoad before you do the bulk of your processing).

Also, you should probably be aware that the Forms Timeout is different to the Session Timeout - the former sets how long the login cookie stays around for if the user checks the "Remember Me" box when logging in, while the later determines how long the user can remain idle before the server treats them as a "new" user (regardless of authentication status), and is configured using:

<sessionState timeout="60" />
Zhaph - Ben Duguid  2009-12-08 01:45:05

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?