Reputation: 123
How to effectively handle session in asp.net
I have one web site with multiple accounts like staff, end user and admin.
However I am creating each session while the user is logged into their account.
if (Page.IsValid)
{
string type_name="";
int returnValue = DatabaseHelper.GetLogin(txtusername.Text.Trim(), txtpassword.Text.Trim(), out type_name);
if (returnValue == 1)
{
if (chk_remember.Checked == true)
{
if (type_name.Trim()=="Admin")
{
Response.Cookies["UName"].Value = txtusername.Text;
Response.Cookies["PWD"].Value = txtpassword.Text;
Response.Cookies["UName"].Expires = DateTime.Now.AddMonths(2);
Response.Cookies["PWD"].Expires = DateTime.Now.AddMonths(2);
Session["username"] = txtusername.Text.Trim();
Response.Redirect("~/Admin/Admin_Landing_page.aspx");
}
else if (type_name.Trim()=="User")
{
Response.Cookies["UName"].Value = txtusername.Text;
Response.Cookies["PWD"].Value = txtpassword.Text;
Response.Cookies["UName"].Expires = DateTime.Now.AddMonths(2);
Response.Cookies["PWD"].Expires = DateTime.Now.AddMonths(2);
Session["username"] = txtusername.Text.Trim();
Response.Redirect("~/EndUser/myhome.aspx");
}
}
else
{
Response.Cookies["UName"].Expires = DateTime.Now.AddMonths(-1);
Response.Cookies["PWD"].Expires = DateTime.Now.AddMonths(-1);
if (type_name.Trim()== "Admin")
{
Session["username"] = txtusername.Text.Trim();
Response.Redirect("~/Admin/Admin_Landing_page.aspx");
}
else if (type_name.Trim()== "User")
{
Session["username"] = txtusername.Text.Trim();
Response.Redirect("~/EndUser/myhome.aspx");
}
}
}
else if (returnValue == -1)
{
ltr_error.Text = "Authentication failed..contact administrator";
}
else
{
ltr_error.Text = "Invalid username or password";
}
}
}
Here, sessions are created but how I handle them for long time as possible in ASP.NET timeout? Is that way to handle them with global.asax file?
Also, how do I redirect the user to login page if no session found in application?
-------------------------------------Updated----------------------------------------
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
public partial class WebUserControl : System.Web.UI.UserControl
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected override void OnPreRender(EventArgs e)
{
if (Context.Session != null && Context.Session.IsNewSession)
{
if (this.Page.User != null && this.Page.User.Identity.IsAuthenticated)
{
FormsAuthentication.SignOut();
Response.Redirect("~/Default.aspx");
}
}
base.OnPreRender(e);
}
}
Upvotes: 0
Views: 2309
Answers (1)
Reputation: 5832
session by default lasts for 20 mins - depending on the setting in IIS and also the web.config. if session is expires, the Session_End event in the global.asax gets fired. from there, you cannot exactly redirect and would not be the right place to redirect anyway.
you should create a user control for example, which is on every page or even better a master page from which all pages derive from, then you can check on every request if Session is empty. if so, redirect to the logon page.
I have done this many times and works a treat.
I have this on a prerender event in a user control:
if (Context.Session != null && Context.Session.IsNewSession)
{
if (this.Page.User != null && this.Page.User.Identity.IsAuthenticated)
{
FormsAuthentication.SignOut();
Response.Redirect("~/Login.aspx");
}
}
Upvotes: 2
Related Questions
- asp.net session management
- ASP.NET sessions
- How to handle session in asp.net mvc
- Session in Asp.net
- session Handling in asp.net
- Deal with session in ASP.NET C#
- sessions in asp.net/c#
- How to tackle this session problem in ASP.NET,VB.NET?
- ASP.NET Session
- What is the best way of handling users session in ASP.Net?