Hi All,

I have a question.

I need to know that when a request with expired session id come in to a web application, how does the asp.net know it is expired?

And in which method, it is being checked.

 Hi,

override protected void OnInit(EventArgs e)
{
base.OnInit(e);

//check to see if the Session is null (doesnt exist)
if (Context.Session != null)
{
//check the IsNewSession value, this will tell us if the session has been reset
if (Session.IsNewSession)
{
//now we know it's a new session, so we check to see if a cookie is present
string cookie = Request.Headers["Cookie"];
//now we determine if there is a cookie does it contains what we're looking for
if ((null != cookie) && (cookie.IndexOf("ASP.NET_SessionId") >= 0))
{
//since it's a new session but a ASP.Net cookie exist we know
//the session has expired so we need to redirect them
Response.Redirect("YourURL");
}
}
}
}

http://www.dotnetspider.com/resources/15837-check-for-session-time-out.aspx

http://www.bigresource.com/ASP-how-we-know-that-the-Session-is-expired-in-asp--ojnyxftS.html

Thanks :)

In Page_Load, check Session.IsNewSession value. If it's true, then session is expired.

if (Session.IsNewSession)
Server.Transfer("Login.aspx");

And also read this..

http://aspalliance.com/520_Detecting_ASPNET_Session_Timeouts.all
 

Hi!

Please note that whenever a client accesses the web application, he is infact living in a session. Unless the session timeouts or you forcefully abandons it, it lives up with the client.

Now we put up some key,value pairs in to the Session object for our own requirements.

So, when a user with "expired" session comes, the web application is, infact, going to start a new session for the same guy. So the Session_Start event of global.asax will fire. So you can handle the logic in the global.asax page or you can put in checks in your pages like Session.IsNewSession to make sure that this request is coming from a client who is

1.) Either new

2.) Previously his session expired and is going to start a new session.

Hope it helps.

Hi,

First of all, Thank alot for all of your responses.

My question was a bit unclear.

I'd like to know how and which method, asp.net used in global.asax to identify the request session is expired and where does it generate the new session ID.

And I also need to identify between the expired session and new user session.

I traced the global.asax and I found that session Id has been issue between PreSendRequestContent method and BeginRequest method.

I would like to know how it is issue and where it gets the session id from.

Thank you guys.

When session state is enabled (which by default is), each request for a page is checked for a SessionID value. This SessionID value is sent from the browser.

If it is not found, then ASP.NET considers this request as a new Session and assigns the SessionID property a new unique value and sends it to the browser with thre Response.

Where the browser keeps the SessionID? By default, its saved in "ASP.NET_SessionId" cookie. Although you can configure the application so that the SessionIDs are passed through URL and not from cookies ("cookieless" sessions).

Please refer to the following link for more details.

http://msdn.microsoft.com/en-us/library/ms178581.aspx

Hope it helps.