Alex Alex - 2 months ago 23
ASP.NET (C#) Question

Detect session timeout after Response.Redirect?

I am implementing the log-in/log-out functionality on a website. Whenever the user clicks on

Sign out
button (anywhere but at the login page,
Login.aspx
), the following method will execute:

protected void SignOut(object sender, EventArgs e)
{
Session.Abandon();
Response.Redirect("Login.aspx");
}


Now, when the redirect happens, I want to do the following in
Login.aspx
:

protected void Page_Init(object sender, EventArgs e)
{
if ( Session_has_timed_out ... )
SessionTimeOutDIV.Text = "Session timed out. Please log in again.";
else
{
// normal logic here ...
}
}


Q: How do I check that the session was previously terminated, given that I need to check this (1) after the actual call to
Session.Abandon()
and (2) after I am redirected from where the call to
Session.Abandon()
had happened?

Answer

Yes that's why for authentication it is recommended to rely on cookie and use formsAuth or now ASP.Net Identity. If it was MVC we have TempData but for webforms I don't think there is any such thing. So you can use other state management techniques like query string

Response.Redirect("Login.aspx?Logout=true");

In page_init of Login.aspx

    if (Request.QueryString["LogOut"] != null && Request.QueryString["LogOut"] == "true") //do handle exception and casting
    {
        //SessionTimeOutDIV.Text = "Session timed out. Please log in again.";
    }
    else
    {
        // normal logic here ...
    }

This is only a hack, hope this helps.