asp.net session management

Question

I am using sessionstate stored in stateserver in asp.net. I have a link on header that displays users login id.

Problem:

When session expires in stateserver my application still displays loginid and it throws an error when hits code that depends on value stored in session.

Looks like asp.net has no idea when session expires on stateserver and continue working on same session with value saved in cookie in user's browser.

To tackle this problem in another application i am checking for session with each request and expire user's session if it's expired in sessionstate.

I am not sure i am doing right thing here. Isn't asp.net suppose to keep session data saved in cookies synced with session in stateserver?

Could you please explain what would be best practice to handle this?

Answer 1

The right practice is to "find" the user's session each time you receive a postback. And right then and there, if you can't find it, report an error that their session has expired and they need to log in again.

Answer 2

If you are using ASP.Net Webforms, you can consider the Load event of the page or control to check whether the session has expired. Here's the relevant code

if(Session["yourvar"] == null)
  ShowError();

Answer 3

Thanks For all answers,

By Default my session timeout value for form authentication were higher then sessionstate. That made session on sessionstate expire and cause issues. I think keeping form authentication value little lower than sessionstate would be the best practice.