What is the most efficient way to handle en expired session with ASP.NET 2.0

Question

On the site we are building. We need to be able to redirect the user to a default page when his session has ended.

At first sight we used the Session_End with a Response.Redirect to do this job.

Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
    Response.Redirect("~/global/exit.aspx")
End Sub

But it generates a crapload of Response is not available in this context errors. Naturally we don't want to spam our servers error logs.

What is the most efficient way to handle session ending with ASP.NET 2.0?

Answer 1

We handled it by checking if the session data existed in Application.Begin_Request for the pages that were user specific and if it didn't then redirecting the user to login or homepage.

Answer 2

You can use the session_end method, as it is not a user callable method, it is triggered by ASP.NET and response isn't available, as it is not part of the request.

The biggest way is to check and see if session is missing, somewhere in the load of your pages and redirect back to the main.

What I have done before is to put this checking logic inside a "RestrictedPage.master" master page that was used for all session specific pages, if session is lost, it redirects.

Answer 3

We added the following code to the global.asax.cs file:

 private void IsAuthenticated()
    {
        string vFileName = Path.GetFileName(HttpContext.Current.Request.Path);
        string vExt = Path.GetExtension(vFileName).ToLower();
        if ((vFileName != "Login.aspx") && (vExt == ".aspx"))
        {
            if (HttpContext.Current.Session["LoggedIn"] == null)
            {
                HttpContext.Current.Response.Redirect("~/Login.aspx");
            }
        }
    }
    void Application_PostAcquireRequestState(object sender, EventArgs e)
    {
        IsAuthenticated();
    }

NS: The first line in our Global .asax file is :

<%@ Application  Inherits="???.Global" Language="C#" %>