8

In my web app I'm using some session variables, which are set when I login:

e.g. Session("user_id") = reader("user_id")

I use this through my app.

When the session variable times out, this throws errors mainly when connecting to the database as session("user_id") is required for some queries.

How can I set my session variables so that once they are timed out the app goes to the login page, or how can I at least increase the length of time they are available?

4 Answers

11

I'm guessing you're using Forms Authentication. The trick here is to ensure that your Forms Authentication expires before the session does.

I wrote about this in this answer here:

How to redirect to LogIn page when Session is expired (ASP.NET 3.5 FormsAuthen)

For example:

Configure your Forms Authentication - this sets the timeout to 60 minutes:

<authentication mode="Forms">
    <forms defaultUrl="~/Default.aspx"
        loginUrl="~/Login.aspx"
        slidingExpiration="true"
        timeout="60" />
</authentication>

Extend Session expiry to a longer time:

<sessionState 
    mode="InProc" 
    cookieless="false" 
    timeout="70"/>

In your Login.aspx code behind you could also do a Session.Clear(); to remove stale session data before assigning session values.


1

In the past I've used a base page or master page on every page (making an exception for the login page) that reads a session token to see if a user is logged in currently.

If it ever reads a null it saves the current url and redirects to the login page.

After logging in it reads the saved url and redirects the user back to the requested page.

Increasing the session timeout value is a setting in IIS.

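The base-page check described in the answer above, combined with the first answer's Forms Authentication settings, written out as an added example that is not code from any of the answers. The class names `SessionCheckedPage` and `LoginHelper` are hypothetical, and `user_id` is the session key from the question.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical base class: every page except Login.aspx inherits from it.
public class SessionCheckedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // "user_id" is the session key set at login in the question.
        if (Session["user_id"] == null)
        {
            // The session data is gone, so the authentication ticket must
            // not outlive it: remove the cookie and discard the session.
            FormsAuthentication.SignOut();
            Session.Abandon();

            // Sends the browser to loginUrl and passes the current URL in
            // the ReturnUrl query-string parameter.
            FormsAuthentication.RedirectToLoginPage();

            // RedirectToLoginPage does not end the request; stop here so no
            // page code runs a query with a missing user id.
            Response.End();
        }
    }
}

// Hypothetical helper called from Login.aspx once credentials are verified.
public static class LoginHelper
{
    public static void CompleteLogin(HttpContext context, string userName, object userId)
    {
        // Remove stale session data before assigning new values.
        context.Session.Clear();
        context.Session["user_id"] = userId;

        // Issues the Forms Authentication cookie and redirects to the
        // ReturnUrl saved above, or to defaultUrl when none was supplied.
        FormsAuthentication.RedirectFromLoginPage(userName, false);
    }
}
```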

1

How can I set my session variables so that once they are timed out to go to the login page

Check if they are = null do a Response.Redirect("Home.aspx");

or how can at least increase the length of time they are available?

It's in the web.config within the sessionState element.


0

I think a lot of people wrap their session calls to provide a "lazy load" pattern. Something like this:

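class SessionHelper
{
    // Returns the user id from the session, reloading it when it is missing.
    public static string GetUserId()
    {
        string userId = (string)System.Web.HttpContext.Current.Session["UserId"];

        if( userId == null )
        {
           // reader(...) is the placeholder lookup from the question, not a
           // defined method; substitute the real data-source call here.
           userId = reader("UserId");
           System.Web.HttpContext.Current.Session["UserId"] = userId;
        }

        return userId;
    }
}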
