1

I am using sessionstate stored in stateserver in asp.net. I have a link on header that displays users login id.

Problem:

When session expires in stateserver my application still displays loginid and it throws an error when hits code that depends on value stored in session.

Looks like asp.net has no idea when session expires on stateserver and continue working on same session with value saved in cookie in user's browser.

To tackle this problem in another application i am checking for session with each request and expire user's session if it's expired in sessionstate.

I am not sure i am doing right thing here. Isn't asp.net suppose to keep session data saved in cookies synced with session in stateserver?

Could you please explain what would be best practice to handle this?

Improve this question

3 Answers 3

Reset to default
2

The right practice is to "find" the user's session each time you receive a postback. And right then and there, if you can't find it, report an error that their session has expired and they need to log in again.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

If you are using ASP.Net Webforms, you can consider the Load event of the page or control to check whether the session has expired. Here's the relevant code

if(Session["yourvar"] == null)
  ShowError();
Improve this answer

Comments

0

Thanks For all answers,

By Default my session timeout value for form authentication were higher then sessionstate. That made session on sessionstate expire and cause issues. I think keeping form authentication value little lower than sessionstate would be the best practice.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.