3

Some users close all the browsers and they open IE8 again and they get the message "Session Expired" in the login page, which is strange, and it only happens sometimes.

The conditions to show that message are: 

var sessionTimedOut = Session.IsNewSession && Request.Headers["Cookie"] != null && Request.Headers["Cookie"].Contains(ASPNET_SESSION_COOKIE);

And normally all cookies disapear when the browser is closed, because that is the scope of these cookies.

So what could be causing this condition to be true?

Improve this question
5
  • 1
    Edit: I could replicate the issue by waiting the session to expire, then killing the browser on Task Manager, then opening the browser and going explicitly to the login page (myserver.com/Web/Authentication/Login), but I don't believe my users are killing the browser - I believe they don't even know how to do that.... Commented May 8, 2014 at 14:11
  • 1
    it might be related to specific IE8 behavior stackoverflow.com/questions/1324181/…. Can you ask your users what actions exactly they are doing? Commented May 15, 2014 at 14:33
  • Just a guess, If you are using form authentication set cookie to persistent. Commented May 20, 2014 at 9:32
  • 1
    What is ASPNET_SESSION_COOKIE? Commented May 21, 2014 at 2:09
  • If you are able to reproduce it, then maybe use a tool like Fiddler to examine the HTTP request and see how the session id is being passed back to the server (ie. cookies, url, http header). Take a look at ASP.NET State Management for some things to look for. Commented May 21, 2014 at 4:39

1 Answer 1

Reset to default
1

Are you saving the value ASPNET_SESSION_COOKIE yourself into the session?...or just relying on ASP.net built in sessions handler? If you are not saving by yourself, then the following scenario might have been causing the problem.

I think your condition is not properly configured to check for expired sessions.The reasons are -

  1. ASP.Net by default saves Sessions, in Cookie, Therefore whenever a new session is created so does the Cookie.

  2. Lets, consider the scenario, that a session has expired, then when the request is made (that is the GET for the Login page) ASP.net is checking for a Cookie or Session and sees that it needs a new session to be created. Therefore, it creates a Session and saves the cookie.

  3. Again, lets consider, this is the first time some one sees the page, again, the same thing will happen as 2. The condition is always true.

  4. You need to save some custom Cookie/Session values inside the cookie/session so that you can check agains it.

I am highly suspicious that, the condition - 

Session.IsNewSession && Request.Headers["Cookie"] != null && Request.Headers["Cookie"].Contains(ASPNET_SESSION_COOKIE);

is never false, Unless you are using or checking this, before the session is handled or checked by ASP.Net.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Let me explain better: This is the Login GET action of my LoginController.
When starting a new IE8 when all other browsers were closed Session.IsNewSession is true and Request.Headers["Cookie"].Contains(ASPNET_SESSION_COOKIE) is false, so I just present the Login form to the user.
If I start IE8, login, wait for the session and authentication/forms expiration, open a new IE8 on the login action, then: Session.IsNewSession is true and Request.Headers["Cookie"].Contains(ASPNET_SESSION_COOKIE) is true, so I'm wrongly showing on that new window that the session has expired
Now what contraditcs your theory: If I start IE8, login, wait for the session and authentication/forms expiration, CLOSE ALL BROWSERS, open a new IE8 on the login action, then: Session.IsNewSession is true and Request.Headers["Cookie"].Contains(ASPNET_SESSION_COOKIE) is false, so I'm not showing any timeout message on the Login View.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.