views:

371

answers:

1

I am trying to detect a session state timeout in my asp.net application and am unable to do so. I have a base class that derives from System.Web.UI.Page as follows:-

public class BasePageSessionExpire : Page
{
    override protected void OnInit(EventArgs e)
    {
        base.OnInit(e); 
        if (Context.Session != null)
        {                
            if (Session.IsNewSession)
            {                    
                string szCookieHeader = Request.Headers["Cookie"];
                if ((null != szCookieHeader) && (szCookieHeader.IndexOf("ASP.NET_SessionId") > 0))
                {
                    Session.Abandon();
                    Response.Redirect("~/SessionExpired.aspx",true);
                }
            }
        }
    }
}

All the pages I need session state checking on derive from this base class instead of "System.Web.UI.Page". Also, all these pages have EnableSessionState="True". I have a blank Session_Start() method in my global.asax file if that is relevant at all.

For some reason after the first request, the "Session.IsNewSession" property is always false. It is true only for the first request and then is always false. I have my timeout set to 1 minute. The session never seems to timeout. What am I missing here ?

Also I have implemented a state server in SQL Server 2008. This is not an in-proc session state implementation.

Thanks in advance.

A: 

An ASP.Net session is started on the user's first request to a server. This is the only time that IsNewSession will be true.

Calling Session.Abandon() removes the current session, and then if you redirect the user to the SessionExpired page, that will start a new session.

I'm not sure why the timeout would not be firing. Have you put code in the Global.asax Session_End event to verify that sessions aren't ending?

womp
So you are saying that the IsNewSession will always be false after the first request ? So essentially even if the session did timeout, the code above wouldn't work, because IsNewSession would always be false and the code would never get a chance to go in and execute "Session.Abandon" when the session does in fact timeout ?
IsNewSession will only be true for the HttpRequest that caused a new session object to be created. The first request to the server after a timeout should do this I believe.
womp
Also I have implemented a state server in SQL Server 2008. This is not an in-proc session state implementation.