Geeks With Blogs


Rodney Vinyard - .NET & SQL Developer When all is said and done, more will be said than done
ASP.NET Detect and alert forms authentication timeout
1.      Add sessionState to web.config
        <sessionStatetimeout="1"mode="InProc" /> <!--minutes e.g. 120 = 2 hours-->
2.      Add  FormsAuthentication to web.config
      <!--timeout minutes (needs to be the same as in sessionState above) e.g. 120 = 2 hours-->
      <!--loginUrl - destination when FormsAuthentication Times out -->
      <!--defaultUrl - where FormsAuthentication.RedirectFromLoginPage goes, unless user overrode with valid URL in browser-->
3.      On Session_Start, detect session timeout and set a “CatchTimeOut” session variable
 void Session_Start(object sender, EventArgs e)
        // Code that runs when a new session is started
        // no - Response.Cookies["CoprSession"].Value = ""; //.Expires = DateTime.Now.AddDays(5000);
        //This is obviously a new session being created; it can be
        //created at the first hit of a user, or when the user
        //previous session has expired (timeout). We are only interested
        //in the timeout scenario, so we look at the request cookies
        //and if we have a previous session ID cookie, it means this is a
        //new session due to the timing out of the old one.
        //Note: slight problem here: in .Net 2.0 the ASP Session ID
        //cookie name is configurable, but we don't have a way to
        //retrieve that from the web.config - so if you customize
        //the session cookie name in the web.config you'll have to
        //use the same name here.
        string request_cookies = Request.Headers["Cookie"];
        if ((null != request_cookies) &&
                (request_cookies.IndexOf("ASP.NET_SessionId") >= 0))
            //cookie existed, so this new one is due to timeout.
            //Redirect the user to the login page
            //System.Diagnostics.Debug.WriteLine("Session expired!");
            //Response.Redirect(Constants.HOME_PAGE + "?" +
            //                  Constants.PARAM_REQUEST + "=" +
            //                  Constants.PARAM_REQUEST_VALUE_TIMEOUT);
            Session[“CatchTimeOut”] = true;
4.      Create a base page to query the “CatchTimeOut” session variable and do a javascript alert
public class _BasePage : System.Web.UI.Page
    protected override void OnLoad(EventArgs e)
        // Be sure to call the base class's OnLoad method!
        if (Session[“CatchTimeOut”])
            Session[“CatchTimeOut”] = false;
            string strScript = "<script>alert('Your web session timed out.');</script>";
            Page.ClientScript.RegisterStartupScript(this.Page.GetType(), "ShowInfo", strScript);
5.      Inherit base page wherever base behavior is needed
·         public partial class LnumberSearch : _BasePage
·        {
Posted on Thursday, July 28, 2011 11:23 AM javascript - ajax | Back to top

Comments on this post: ASP.NET Detect and alert forms authentication timeout

# re: ASP.NET Detect and alert forms authentication timeout
Requesting Gravatar...
You made fantastic nice points here.
I performed a search on the issue and discovered almost all peoples will agree with your blog.
All inclusive travel deals are not for everyone,
but most people enjoy a vacation that is put together for them

Left by reviewmask on Aug 11, 2011 12:47 AM

Your comment:
 (will show your gravatar)

Copyright © Rodney Vinyard | Powered by: