tags:

views:

864

answers:

2
+2  Q: 

ASP.NET session - How can I tell if a session is new due to expiration or initial visit?

We have a page of search results which the user can hit in several ways. 90% of the ways will set up a 'Search Criteria' session object, which the results page will use to retrieve the search results.

When the session object isn't found, we will typically show the user an 'invalid search' message, and give them a link to the main search page.

The exception is the case where the user hits a webpage which has the search results page as it's default page (we use .NET's themes to provide private labels for our site, skinning it with our affiliates' colors and logos). If the search results page is the default page for the site, there is a special search that is preformed when there is no session criteria.

This is working fairly well in our testing, but there is an edge case we would like to handle: When a session expires while someone is on the search results page (having come from the search page) and they then click on the next page of results, they will get this special search instead of the 'expired session' message.

This is the basic format we're using, where searchCriteria is set from session.

if (searchCriteria == null)
{
    if (/*Check if this is the default url for this site*/)
    {
      //Preform special search
    }
    else
    {
      //Display 'session expired message'
    }
}

Is there a way we can check Session in the inner if block to see if the user's session is new due to expiration of an existing? Or do browsers just throw away the session cookies when they expire?

Is there a browser difference? Do some return the expired session cookie to the server, while other's delete them on expiration? Or is it consistent?

+4  A: 

This is an excellent article which is based off of this one. I think you will find your answers here (Page 2 of the second article specifically)

RandomNoob  2008-12-03 23:34:15
Thanks! These articles should help quite a bit.
Jeff  2008-12-04 14:10:42
+1  A: 

All the browsers will return the expired session cookie. They'll do so until the browser is restarted or it's rewritten by a server response.

The answer from bnkdev uses this fact to detect new vs expired by seeing if the cookie is already set. It's simple and easy and will likely work for you, but it only works when cookies are used for session ids. It won't work for cookieless sessions.

Also, rather than hard coding "ASP.NET_SessionId", you should probably fetch it from the cookieName attribute of the sessionState configuration element.

Tony Lee  2008-12-03 23:59:19
Good to know the browsers all do the smart thing and return the cookie. Thanks!
Jeff  2008-12-04 14:16:45

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?