Redirection to Login page after session time out

Amit.jain
Posted by in ASP.NET category on for Intermediate level | Views : 33136 red flag
Rating: 4.5 out of 5  
 2 vote(s)

In this example i'll show how to detect the session timeout which occurs when user is idle for the time specified as Session.Timeout,using C# asp.NET and if it is than redirect the user to login page to login again, for this i've set time out value in web.config file to 1 minute


 Download source code for Redirection to Login page after session time out

Setting up web.config for forms authentication
In web.config file, set the sessionstate mode to inproc and authentication mode to Forms
<system.web>
<compilation debug="true"/>
<authentication mode="Forms"/>
<sessionState mode="InProc" cookieless="false" timeout="1">
</sessionState>
</system.web>
I've created three pages in this example , one is login page , when session expires , i redirect to this page , one is navigation page where i'll check if session is valid or not , if it is valid than only user will see this page other wise he gets redirected to login page
Code for Default.aspx

<%@ Page Language="C#" AutoEventWireup="true"
CodeFile="Default.aspx.cs" Inherits="_Default" %>


<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Button ID="btnSessionStart"
runat="server"
OnClick="btnSessionStart_Click"
Text="Start Session" /><br />
<br />
<br />
<asp:Button ID="btnCheck"
runat="server"
OnClick="btnCheck_Click"
Text="Check Session ID" />
<br />
<asp:TextBox ID="txtSession"
runat="server"
Width="266px">
</asp:TextBox><br />
<br />
<asp:Button ID="btnGO"
runat="server"
OnClick="btnGO_Click"
Text="Go to Other Page" />
<br />
<br />
</div>
</form>
</body>
</html>
And the code behind for this page is like
protected void btnSessionStart_Click(object sender, EventArgs e)
{
Guid Session_id = Guid.NewGuid();
Session["SessionID"]= Session_id.ToString();

}

protected void btnCheck_Click(object sender, EventArgs e)
{
if (Session["SessionID"] != null)
txtSession.Text = Session["SessionID"].ToString();
else
txtSession.Text = "Session has expired";
}

protected void btnGO_Click(object sender, EventArgs e)
{
Response.Redirect("Default2.aspx");
}
Now the page where we want to check the session has timed out or not, we need to check it in the Page_Init event of the page , is session is not null than only user will be able to go to the page other wise he will get redirected to login page
In this page I've just put a button to go to home page

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Button ID="btnHome"
runat="server" OnClick="btnHome_Click"
Text="Home" /></div>
</form>
</body>
</html>

And the Code behind for this page is

protected void Page_Init(object sender, EventArgs e)
{
CheckSession();
}
protected void btnHome_Click(object sender, EventArgs e)
{
Response.Redirect("Default.aspx");
}

private void CheckSession()
{
if (Session["SessionID"] == null)
{
Response.Redirect("Login.aspx");
}

}
Conclusion
If we need to check this in all the pages of application than we can create a BaseClass and write the above mentioned code of CheckSession and Page_Init part and drive all ur pages from this class by typing BaseClassName in place of System.Web.UI.Page and it will check all pages for session timeout every time page is loaded

Page copy protected against web site content infringement by Copyscape

About the Author

Amit.jain
Full Name: amiT jaiN
Member Level: Starter
Member Status: Member
Member Since: 12/26/2008 7:19:35 AM
Country:

http://csharpdotnetfreak.blogspot.com/

Login to vote for this post.

Comments or Responses

Posted by: Javaexp on: 12/20/2012 | Points: 25

Login to post response

Comment using Facebook(Author doesn't get notification)