views:

221

answers:

7

I have a problem with session expiry. Firstly it expires every 20 minutes and it throws an error...

I tried to fix it by:

if (Session["userName"].ToString() == null)
{
   Session.RemoveAll();
   Response.Redirect("~/Login.aspx?sessionError=" + "*Session Expired on pageload PleaseLog in again");
}

But I get the following error:

Object reference not set to an instance of an object.

My stack trace is:

[NullReferenceException: Object reference not set to an instance of an object.] copiunGUI.Site1.checksession() in C:\Users\jagmit\Documents\Visual Studio 2008\Projects\copiunGUI\copiunGUI\Site1.Master.cs:224 copiunGUI.Site1.TreeViewMain_Unload(Object sender, EventArgs e) in C:\Users\jagmit\Documents\Visual Studio 2008\Projects\copiunGUI\copiunGUI\Site1.Master.cs:210 System.Web.UI.Control.OnUnload(EventArgs e) +8681754 System.Web.UI.Control.UnloadRecursive(Boolean dispose) +252 System.Web.UI.Control.UnloadRecursive(Boolean dispose) +188 System.Web.UI.Control.UnloadRecursive(Boolean dispose) +188 System.Web.UI.Control.UnloadRecursive(Boolean dispose) +188 System.Web.UI.Control.UnloadRecursive(Boolean dispose) +188 System.Web.UI.Page.UnloadRecursive(Boolean dispose) +23 System.Web.UI.Page.ProcessRequestCleanup() +43

My web.config is:

<authentication mode="Forms">
    <forms loginUrl="Login.aspx" defaultUrl="~/Default.aspx" name="Cookie" timeout="10080" path="/">
    </forms>
</authentication>
<authorization>
    <deny users="?"/>
    <allow users="*"/>
</authorization>

Please help.......

Thanks

Thanks for ur input guys...

I tried this:

if (Session["userName"] == null)
{
   Session.RemoveAll();
   Response.Redirect("~/Login.aspx?sessionError=" + "*Session Expired on pageload PleaseLog in again");
}

But i get the error:

Response is not available in this context.

+7  A: 

The problem is here:

if (Session["userName"].ToString() == null)

When Session["UserName"] is a null object reference, you can't rightly call .ToString() on it.

Try this instead...

if (Session["userName"] == null)...
JohnFx
i did this but then when redirecting i get Response is not available in this context.
Try Server.Transfer() instead of Response.Redirect() and see if you have better luck with that.
JohnFx
+2  A: 

You shouldn't call .ToString() on a reference to a session object that might be null (because of expiration)

see below:

if (String.IsNullOrEmpty(Session["userName"]))
    {
        Session.RemoveAll();
        Response.Redirect("~/Login.aspx?sessionError=" + "*Session Expired on pageload PleaseLog in again");
    }
Jon Schoning
A: 

Try setting it to the max value 525601, see if you still have the same issues. If you do I suspect it isnt a session issue.

Mick Walker
+1  A: 

Fixing the error.

String.IsNullOrEmpty(Session["userName"])

A bit more information. If a user is away from his computer or doesn't hit your server every 20 minutes their Session will expire. This is the default. You could use client side javascript to ping your server every 15 minutes so that it doesn't loose the session while the browser is open. You could also increase your Session Timeout.

runxc1 Bret Ferrier
A: 

Someone just fixed the timeout issue on my QA server. It happens because of default IIS setting of 20 minutes which overrides the web.config setting. Check out the following link to fix the problem.

How to change idle timeout settings.

For the other problem you use String.IsNullOrEmpty on Session["userName"]

This explains why the above setting affects your session timeout

ps
+1  A: 

If you are doing this in the context of your page your code should be:

if (Session["userName"] == null)
{
     Session.Abandon();
     Response.Redirect("~/Login.aspx?sessionError=" + "*Session Expired on pageload PleaseLog in again", true);
}

You need to check for null on your Session key before you can do an operation on it. This is why you are getting the exception. Make sure you also have the true on the end of the Response.Redirect to ensure that your response ends immediately. Lastly, note the Session.Abandon(); which is probably more useful to you than then RemoveAll you are currently using.

As for you other comment about the Response object not being available, it should be unless you are doing this in like a class outside of your page context. If you this shouldn't compile anyways.

Kelsey
could u tell me what to do with the error -->Response is not available in this context.
i have a tree view class...
and this sessioncheck happens on treeview Unload event... please help
Why do you need to clear or check the session on the `Unload` event?
Kelsey
You really should consider the design if a control is trying to do page level redirecting. It seems like an odd thing to do. You really should be notifying your page that something is wrong and have the page itself control what happens due to this condition.
Kelsey
because of the impersonation issue... if i dont put it there it throws an error after session expires... and that is the first place it checks if session is present.....
is there a way to just simply redirect to the login page if this exception occurs
A: 

You are seeing the error "Response is not available in this context" because you are calling it too late in the page lifecycle.

The TreeView's Unload Event is called:

when the server control is unloaded from memory.

This occurs after the page has been rendered to the client - so there's no way you can issue a response redirect, or even a Server.Transfer from there.

As Kelsey commented, you really should try and refactor your design a bit - perhaps performing this check earlier (say PageLoad before you do the bulk of your processing).

Also, you should probably be aware that the Forms Timeout is different to the Session Timeout - the former sets how long the login cookie stays around for if the user checks the "Remember Me" box when logging in, while the later determines how long the user can remain idle before the server treats them as a "new" user (regardless of authentication status), and is configured using:

<sessionState timeout="60" />
Zhaph - Ben Duguid