I'm using the well documented code to detect whether a timeout has occurred
when a page is fetched in the OnInit() event handler:
If Session.IsNewSession Then
Dim CookieHeader As String = Request.Headers("Cookie")
If Not CookieHeader Is Nothing AndAlso
CookieHeader.IndexOf("ASP.NET_SessionId") >= 0 Then
Request.Redirect("~/Timeout.aspx")
End If
End IF
This works - sort of. It works by checking to see if the ASP.NET_SessionId
cookie exists when a new session is started. If it is present, then this is
(supposed) to indicate that it's a new session.
However, if you have two applications running on the same IIS web server,
then it triggers incorrectly. Both applications implement the above code.
1. Open
http://localhost/webapp1/default.aspx
2. IsNewSession is true but cookie isn't present
3. Open
http://localhost/webapp2/default.aspx
4. IsNewSession is true but the ASP.NET_SessionId cookie also exists (why is
this?)
Therefore the user is directed to the timeout page of webapp2.
I've tried adding setting the path (in Session_Start event) of the
Response.Cookie("ASP.NET_SessionId" to Request.PhysicalApplicationPath but
that doesn't seem to make any difference.
Any ideas?
Thanks, Rob.
