A little help with managing session timeouts

  • Thread starter Thread starter Simon Harvey
  • Start date Start date
S

Simon Harvey

Hi everyone,

If anyone can help me with the following I would be very greatful.

In order to determine when a session has timed out I have some code in each
page that does something like:

loadSessionData(); // Populates a variable called sessionState

if(sessionState.currentUser != null){
// Carry on
}

else{
Response.Redirect("/misc_pages/sessionExpired.aspx");
}

My problem is I often have to send out links in emails that jump right into
the secure section of the site. If a session isnt detected it should quietly
take the user to the login page and then once the user enters their details,
redirect them to the secure page they were trying to get to before. This all
sounds fine in theory but the problem is that the code above just identifies
the fact that there isn't any session information and assumes that the
situation is a session timeout - which it isnt.

So I guess my question is:

How can I easily distinguish between occasions when a user's session has
timed out and occasions when the user has just tried to jump into a secure
area of the site without logging in?

If anyone can help me I would be very greatful.

Thanks in advance everyone

Kindest Regards

Simon
 
Look into FormsAuthentication. It should allow you to do most of what you
would like to do.
 
Hi Guys,

Thanks for your help. I'm currently using forms authentication at the
moment. I can't find much information about session handling in the
documentation though.

I'll go have a look at isSessionNew just now. I'm not sure its what I need
but maybe.

Thanks for your help

Simon
 
Hi Brad,

I think I see where you're going with the IsNewSession property. I just want
to check something with you if thats ok.

Is the reason this works because when a user follows a link to a secure area
of the site from an email, the IsNewSession property will always be true
because it will have been made as soon as the user followed the link. A time
out won't occur like this because the IsNewSession will be false?

That seems to make sense to me. I'll try it later on today.

Thanks again for your help

Simon
 
Hi Brad,

I think I see where you're going with the IsNewSession property. I just want
to check something with you if thats ok.

Is the reason this works because when a user follows a link to a secure area
of the site from an email, the IsNewSession property will always be true
because it will have been made as soon as the user followed the link. A time
out won't occur like this because the IsNewSession will be false?

That seems to make sense to me. I'll try it later on today.

Thanks again for your help

Simon
 
Back
Top