Develop Reference

Detect Session Expiry in Asp.Net MVC 5 Razor Application

I am developing Asp.Net MVC 5 Razor Application. I am maintaining separate table to maintain login information. When user logs in, I put 'true' in a field (IsLoggedIn) on success callback of login, in that table. When user logs out, I put 'false' in that field on success callback of logout module.
I am having one problem. If user does not press log out button, and its session is expired it gets log out. My success callback of logout is not called and 'IsLoggedIn' field in database still shows true for that user.
I am unable to find anything regarding how can I detect session expiry event and call my table updation function to put 'false' in 'IsLoggedIn' field to for user row?
Any Help?

Session timeouts can be handled in the Session_End event in your Global.asax, if your application using InProc SessionState mode(this is default in ASP.net if not specified)
void Session_End(object sender, EventArgs e) {
// perform your logic
}
before doing this remember one thing The event will be called, but not necessarily right after the timeout.
also take this into consideration that According to MSDN,the HttpSessionState.Timeout property has a setter and can be changed from within your application's code as well as permanently in the web.config
Hope this helps

Session Log Out Issue

There is web application which is created on asp.net.
This application works perfectly when i run this on my local.
I have used session to store the userId of the user in the session.
In every page where i want only logged in user to be able to enter i have written code like.
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Session["userID"] == null)
{
Response.Redirect("login.aspx");
}
}
}
So when session does not have userID user gets automatically redirected to login page.
I am facing two problems
1.When I deploy it to BigRock shared server.User automatically gets logged out in 5 minutes.It is defined session time out set in that server which I can not change. I do not want my user to get logged out automatically.
2.Payment Gateway is also integrated with this website and when the user clicks on check out .He gets redirected to payment gateway but when after entering his payment details and transaction completes when he gets back to response page ,he again automatically gets logged out whether 5 minutes was completed or not.This also works fine when I test this for the condition when I run this website on my local.
Every help is appreciated.Thank You So much in advanced!
Please let me know if you need any more clarification or source code.

Well, you can always try logging back the user based on the order-id received from PG. Since the response from PG is usually protected by checksum, you can rely on it's authenticity to carry back the user to your page. Just update your login session by using FormsAuthentication.SetAuthCookie method to re-login the user.
In your case since your directly assigning userdId to Session (IMHO, not the best way to manage logins though. Try searching for MembershipProvider), the steps are pretty straight forward.
Get the OrderId from PG response.
Fetch the associated userId from Orders table (For this you must have associated each user with their orders.
Save the userId in Session.
Redirect the user to secure page.
Why are we not asking for password? Because, responses from PG are usually protected by means of hashing and usually immune to tampering. So you can safely bet on the authenticity of the user redirected by PG.

Close the browser when session expires? asp.net

I have an asp.net web page that has a 60 second idle-time window before the session will expire. Is there a way (either through asp, or c# code behind) to close the browser - or preferably just the tab - in the Session_End event?
I've seen a lot of posts on SO that want to do the opposite (end the session on browser close), but not what I need.

You can't close the browser but you can redirect to a "Session Expired" page by doing this:
protected override void OnPreRender(EventArgs e)
{
base.OnPreRender(e);
this.PageHead.Controls.Add(new LiteralControl(
string.Format("<meta http-equiv='refresh' content='{0};url={1}'>",
Session.Timeout * 60, "SessionExpired.aspx")));
}

You can look at this example - Alert Session Time out in ASP.NET
It basically warn the user before timeout (For example, Bank Of America site). Once it reaches the time limit, redirect user to a logout page.
FYI: User will get mad if you redirect or close a page without warning.

Control ASP.NET Return from Login

I've got a requirement such that, when a user logs in while completing a multi-form data submission process, their profile is checked against the data they've already submitted and certain classes of users will be shown an alert message; i.e. some users get a popup message when they login.
The popup will use the ModalPopupExtender from the Ajax toolkit which is in line with similar functionality elsewhere in the code base.
The problem I've got is that as soon as the user is validated, the user is always redirected to the originating page; I want to suspend this action until the user has been shown the message and then perform the redirection when the user clicks to dismiss the message.
Can anyone suggest a solution to this (using .NET 3.5)?
EDIT
Since it's been asked for, the login page has a user control which contains an control. The control handles the OnAuthenticate event which basically calls:
protected void Login_Authenticate(object sender, AuthenticateEventArgs e)
{
bool isValidUser = Membership.ValidateUser(FullLogin.UserName, FullLogin.Password);
if (isValidUser)
{
e.Authenticated = true;
}
...
}
It also handles the LoggedIn event which performs some business logic and raises a 'LogInSuccessful' or 'LoginFailed' event handled by the page. A successful login will the redirect the user back to the originating page.
I've already refactored out the manual redirection code to be called when the info box is dismissed but it appears that forms authentication is redirecting the user automatically which is the behaviour I'm trying to override.

When you login with forms authentication, user is carried to the login form and back to the origination page by asp.net.
Once you have authenticated the user, it will take him back to the originating page.
If you have to do it on this page, you must for this group of users, cancel the authenticate and then show the message.
protected void Login_Authenticate(object sender, AuthenticateEventArgs e)
{
bool isValidUser = Membership.ValidateUser(FullLogin.UserName, FullLogin.Password);
Session["isValidUser"] = isValidUser;
if (!Session.ContainsKey("isValidUser"))
{
e.Authenticated = false;
}
else
{
e.Authenticated = (bool)Session["isValidUser"];
}
...
}
When the user clicks the ok button, you must then postback and authenticate the user. This will need you to store the result of authenticate from the previous call in session.
It might be simpler to put this message in a common master page, let asp take the user back to the originating page and show the message there.

What is the best way to show a message to user and redirect to home page when a session times out

I am currently working on a asp.net 3.5 web application which is being used by 500 + concurrent users and the session time-out is set to 24 hours but a recycling of ASPNet process on the server is scheduled to trigger everyday at 3:00 A.M. is causing the session gets timed out.
What is the best way to show a message to user and redirected to home page after session is expired? There are lot of pages in the project, so adding code to every page of the site is not really a good solution.
Thanks in advance
BB

You can use global.asax's session end event to perform your redirect & notification. Just a note, that the session doesn't end when the browser is closed. It ends when the session timeout reached.
void Session_End(Object sender, EventArgs E) {
// Clean up session resources
}