I want to create a brand new ASP.NET_SessionId when the Session Times out on my website. I think the event that fires when your session times out is Session_End in Global.asax file. So I would like to do something in this event
To delete current session, it will fire on Session.Abandon():
Global.asax
public void Session_End(object sender, EventArgs e)
{
string sessionId = this.Session.SessionID;
// Query to delete User's current session
//...
//...
}
So you would redirect the user to the login form to generate a new Session.
Related
I'm checking whether the last time a user has changed the password. If it's more than 90 days, I'll redirect the user to the Password Change page.
protected void LoginUser_LoggedIn(object sender, EventArgs e)
{
//has their password expired?
var _user = MembershipRepository.GetUser(this.LoginUser.UserName);
if (_user != null
&& _user.LastPasswordChangedDate.Date.AddDays(90) < DateTime.Now.Date)
{
Server.Transfer("~/SiteNav/ChangePassword.aspx");
}
}
The problem I'm having is that when ChangePassword.aspx displays, the user is not logged in. Unless I refresh manually the page, then the LoginStatus control shows the username of the user.
I've tried to refresh the page in the code, but it's still not working.
protected void Page_Load(object sender, System.EventArgs e)
{
var _url = HttpContext.Current.Request.Url.ToString();
if (_url.ToLower().EndsWith("default.aspx"))
{
Page.ClientScript.RegisterStartupScript(this.GetType(),
"RefreshPage", "window.location.reload();", true);
Response.Redirect("~/SiteNav/ChangePassword.aspx");
}
}
It's so confusing. When we get to the LoggedIn event, I though the user was already logged in.
Thanks for helping.
It's probably due to the cookie not being included in the response when you do a redirect, as at that point in time the auth cookie will have been set on your machine, but won't have been in the Request. When the cookie is set it's not automatically updated in the response.
See This Answer for some code that should sort it
I want to log on browser information on a session_start event but, of course in global.asax I can't use
Request.Browser
how should I set it up?
You can use Session_Start in the global.asax file.
protected void Session_Start(Object sender, EventArgs e)
{
HttpContext context = base.Context;
HttpRequest request = context.Request;
HttpBrowserCapabilities browserCapabilities = request.Browser;
// log, for example the browser's name:
string browserName = browserCapabilities.Browser; // Firefox in my case
}
The Session_Start event is fired the first time when a user’s session is started. This typically contains for session initialization logic code.
Working with the ASP.NET Global.asax file
Redirecting user to login page after session timeout is similar to refreshing the page after certain intervals method. Only thing which will differ is that calculating time after which the page has to be redirected. Hence time can be calculated using Session.timeout property which will give us session timeout value for that session. Add some grace timings to that value and redirect the user to the login page automatically.
protected void Page_Init(object sender, EventArgs e)
{
CheckSession();
}
private void CheckSession()
{
if (Session["SessionID"] == null)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "redirect", "var r = confirm('Your Session Has Expired'); if (r == true) var str= 'PartnerLogin.aspx'; location.href = str ;", true);
}
}
Can I add an event handler to a session value in asp.net with c#?
I'm planning to update the database when user logs in and logs out and I control login and logout with session values, but the session may end without a user click, like timeout, so I'd like to add an event handler to "isloggedin" session value.
you need to handle this in global.asax.
protected void Session_Start(Object sender, EventArgs e)
{
//your code
}
protected void Session_End(Object sender, EventArgs e)
{
//your code
}
You can implement the Session_End method in the global.asax. There, you will retrieve what information you need from the session, and do what you need to (like setting logout flag in database for the user):
Here's an example of what I do, though you can tailor it to your needs:
void Session_End(object sender, EventArgs e)
{
SessionPlayerContext context = (SessionPlayerContext)this.Session[Constants.SessionKeys.UserContext];
if (context != null)
PlayerManager.SetPlayerOnlineStatus(context.PlayerID, false);
}
The key is that I'm getting the user object that I previously stored in the session (when user logged in), and if it exists, I then flag the user as being logged out in the database (via PlayerManager)
Not only should you check it in the Session_End, but you also should check it wherever user would physically log out.
As for setting the user as being logged in, you will handle that when user physically logs in.
I'm programming an MVC3 application. Now I hava to call a script if the users session expire.
Is there something like a event on-session-expire, that get fired when the user session expired?
Thanks a lot!
In your Global.asax
you can create a
protected void Session_End(object sender, EventArgs e) { }
method which should be called when a session ends.