ASP.NET MVC RC2 - Session Handling Bug ?

Question

hello community,

i have a problem with session in my webapplication (asp.net mvc rc2). the application works fine on asp.net mvc rc1.

i use the follow code for session timeout handling:

 if (cnt.Current.Session != null) 
        {
            if (cnt.Current.Session.IsNewSession) 
            { 
                  string cookie = cnt.Current.Request.Headers["Cookie"];  
                  if ((null != cookie && (cookie.IndexOf("ASP.NET_SessionId") >= 0)) 
                  {
                      return true; 
                  }  
            }    
        }

when i becomes a session timeout, use the FormsAuthentication.SignOut(); method for user logout an redirect to the loginpage. after the new login is cnt.Current.Session.IsNewSession always true!! (BUG?) on rc1 works fine.

Answer 1

MVC 2 RC1 had a bug which incorrectly created a new session for every user. The correct behavior (which MVC 2 RC2 exhibits) is that session generation is deferred until the first time something is stored in the user's session.

If you never store anything in Session, then it will never get saved, and IsNewSession will always return true. Please be sure that you're actually putting something in Session if you intend to use it.

On a related note, if you're just using this to control when a user logs out, why not just shorten the FormsAuth cookie expiration? The default timeout is 2880 minutes (2 days); you can change this in the site's root Web.config. This way you don't have to mess with Session at all.