How To Handle A Postback After Session Expires On Site
Mar 18, 2011
I have a simple ASP.NET 4 site. I am using Forms Authentication. I have Session timeout set to 20 minutes. Also when the user authenticates I set the AuthenticationTicket to expire in 20 minutes. So normally everything works fine. If there is more than 20 minutes of inactivity and the user requests a page on the site they are redirected back to the Login page as I would expect.
However, let's say that the user is on a page that contains a form. Then they wait 25 minutes. Then they go to submit the form. Instead of being redirected back to the Login page, the site attempts the postback and I immediately get errors because there is code in the postback that attempts to get information out of Session.
It seems like ASP.NET does not redirect back to Login on postback if the AuthenticationTicket and Session has expired. How can I handle this? I hope I don't have to write special code on each page.
i have two web aplications running on different sites.
1. site gets user information and show another website (2. site) in an i frame. but when i do this 2. site session starts again on every page.postback . if i connect to 2. site without 1. site everything works well.
i want your opinion about the Response.AddHeader("Refresh", Convert.ToString((Session.Timeout * 60) - 20))that i have seen in some sites that is used for refresh the page every time a little bit before the session expires
I am using a timer in the master page of my web site in order to keep a 'status bar' up to date with all sorts of information.The issue is that the whole point of session expiry goes to waste, because a postback is always being made (although asynchronic) to the server.
How can i still expire the session after a wanted period of time?
I cache information about the currently logged in user in the session. This info lazy loads whenever a CurrentUser property on my global application class is used. It does this by calling GetUser() on my custom implementation of MembershipProvider, which either loads the user up from the session, or loads the user from the DB and throws the user object in the session.
How should I handle this scenario?
User logs in. Administrator deletes user (or deactivates...the point is they can't log in any more). User's session expires. User navigates to a page or makes a request, or whatever.
Currently if this scenario occurs, NullReferenceExceptions are thrown all over the place, because the ASP .NET framework calls GetUser() which returns nothing because it can't find the user in the database (and there's nothing in the session because it expired).
Page2 having Button 2 and an ascx control UC1. UC1 has a Button 3. Page2 is a modal dialog ( window.showModalDialog )
on Click of Button1 open Page2(modal dialog).
Page2 has UC1. UC1 has a button B3. On click of B3,instead of directly going to B3_click event, another post back happens. Thereafter opens login.aspx in another browser ( It is losing Session containing UserDetails as well as other session details).
now even If I continue entering Username and password, page2 reloads again in the new browser.
I am totally lost.
1) I do not know why UC1 button click makes another postback and thereafter opens up into another page losing all the sessions!!
I want to retain teh sessions till i go back to page1.
I simply want to display a message on the login page when the user is automatically redirected there after requesting a page that they were logged in for but their session has now expired. So essentially if the user was working but stepped away for a lunch break without logging out I want the system to tell them why they were sent back to the login page.
Something like "You have been idle for too long so you must log back in".
This has to be easy I am just running into a wall here. I thought about getting the original ticket and reading the expiration date but I'm a little lost.
In my asp.net website I am creating a session upon user login and I would like to perform some operations in the database just before this session will expire.I am having problem in determining where should I write code and how will I know the session is going to expire.
I am not sure if 'session_end' event of 'Global.asax' suits my requirements as the session I want to check is created manually(not a browser instance).
On localhost works well. On the hosting server expires very quickly. Sometimes after a minute, and sometimes after a few minutes.
I tried mode="StateServer" and mode="SQLServer", but first works the same, other doesn't work. The next problem is that End_Session in global.asax doesn't executes if mode is not InProc. And I need this.
How could I achive that session expires only when browser is closed or other url is typed. Just setting timeout doesn't work.
my web app doesn't use authorization in web.config, but i want to detect when a session has expired and redirect to the home page.I have searched and found solutions that rely on the web app using authorization. Other solutions have implemented a user control to drop in every page.Obviosly i don't want to manually check for null on every session variable on every event of the web app, so i want the app to do it automatically.
I am not sure what the event is called but I'm trying to get it so if your not logged in you can't manually type the page name in the bar at the top. I need to find a way so it will always redirect you to the login page if you haven't signed in.
Also the same goes for sessions, at the moment when my session time runs out my website fails as there is alot linked to sessions from my database, how do I get it so when a session expires upon trying to navigate inside the website you are passed back to the login page?
I'm used to public facing websites that use ASP.net membership - and when the SESSION vbl's timeout we re-direct to the login page like this
If Session("Yr") Is Nothing Then Page.Response.Redirect("~Login.aspx?reason=timeout") End If
And on the login page we check for that reason and put up a label on the screen saying that things timed out to protect sensitive data. This works fine. Now I'm doing a web site that's in house - and when the users connect they get a BROWSER POP-UP to login with the DOMAIN UN/PW - and once they get past that my default page redirects them to a home portal page. What do I do when my session vbl's expire now? I can't redirect to a login page - there is not one. How do I cause the re-authentication to happen more naturally?
I have a partial view thats being rendered in my Site.Master file, and it contains a form - im able to submit values and itll throw it to the controller just fine..the problem is when validation fails and i need to go back to the form to display errors
How can i have a form that uses a viewmodel inside Site.Master and still be able to throw it back and post validation errors?
I really want to switch over to ajax, but i can't seem to get my error handlling perfect. If i can't handle errors correctly, I just can't use it. What I really want to happen is to do a full refresh of the Top Frame. How I normally do this is by a similar call to Response.Write(<script>top.location.href = ""</script>). I was currently doing this in Global.asax. This becomes a problem when I error out in an AJAX postback. I've also noticed that There is an AsycPostbackErrorHandler you can attach to the ScriptManager. This is all find an dandy, but it will still hit my Global.asax Application_Error Event.
I am honestly just not sure how to handle this.
As I said, the result I want is....To Reload the Top Frame with some Error Message...whether I have to do some weird redirection or whatever. My problem lies specifically with the Global.asax file.
Trying to figure out how to handle data returned for a site search from a description field. I don't think I want to display all the text from the description field, but I also don't want to "chop" a word in half. How do I get the first 100 characters, plus a few extra letters if needed to prevent a word from being chopped in half. In some cases, the description field is less than 100 characters, so all the text will be displayed. However, if the description does need to be chopped at 100, I'd like to finish the word and add ... to indicate that there is more text.