|
List Info
Thread: Session State (Expired)
|
|
| Session State (Expired) |
|
2006-10-21 07:52:34 |
Rob,
what exactly do you want to do?
If you want to force the user to re-log in as soon as their
session
has expired then you cannot do that. The client and the
server are
disconnected, by the time the session has expired then the
client may
be on a different web site or may not even be there, you
have no way
to know or control this.
If you want to know if the user hasa a session when they
connect then
that is an entirely different matter, you can simply look at
the
session object to work that out.
If you want to force the user to re-authenticate when their
session
times out then you can do that a few ways (from the server).
Are you
using Forms Authentication? or are you rolling your own?
On 10/18/06, IMPlatform <implatform netspace.net.au> wrote:
> So the redirection to the log on page is done within
the client side script?
>
> Rob.
>
> -----Original Message-----
> From: Discussion of building .NET applications targeted
for the Web
> [mailto OTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of Mark Kucera
> Sent: Wednesday, October 18, 2006 11:08 PM
> To: DOTNET-WEBDISCUSS.DEVELOP.COM
> Subject: Re: [DOTNET-WEB] Session State (Expired)
>
> I haven't read anywhere that this was fixed in 2.0, but
I know in 1.x MS
> reluctantly divulged that you can't guaranty that
Session_OnEnd event will
> always be fired. There are a couple instances,
navigating to a new site in
> the same browser for instance that won't cause a
Session_OnEnd event handler
> to get called.
>
> If you are wanting to do something when the user's
session has timed out,
> what I've done in the past is to use a javascript to
set a time that
> displays a popup message to the user a minute or two
before the session is
> set to expire. The message tells them their session is
about to expire and
> to press ok to continue their current session. It
would only appear after x
> minutes of the user being idle, and when they press ok,
just have the
> current page reload, if they do it before the session
expires then
> everything is good, otherwise you can redirect them to
a login page.
>
> Good Luck
> MK
>
>
> -----Original Message-----
> From: Discussion of building .NET applications targeted
for the Web
> [mailtoOTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of Shawn Wildermuth
> Sent: Tuesday, October 17, 2006 10:36 PM
> To: DOTNET-WEBDISCUSS.DEVELOP.COM
> Subject: Re: [DOTNET-WEB] Session State (Expired)
>
> You should look at the Session_OnEnd Event.
>
>
> Thanks,
>
> Shawn Wildermuth
> Wildermuth Consulting Services, LLC
> http://adoguy.com
> C# MVP, MCSD.NET, Author and Speaker
>
>
> > -----Original Message-----
> > From: Discussion of building .NET applications
targeted for the Web
> > [mailtoOTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of Robert Rolls
> > Sent: Tuesday, October 17, 2006 10:10 PM
> > To: DOTNET-WEBDISCUSS.DEVELOP.COM
> > Subject: Re: [DOTNET-WEB] Session State (Expired)
> >
> > Sorry Sean,
> >
> > Will I get an event in the page load or just a
unhandled exception?
> >
> > Rob.
> >
> >
> > -----Original Message-----
> > From: Discussion of building .NET applications
targeted for the Web
> > [mailtoOTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of Shawn Wildermuth
> > Sent: Wednesday, 18 October 2006 12:01 PM
> > To: DOTNET-WEBDISCUSS.DEVELOP.COM
> > Subject: Re: [DOTNET-WEB] Session State (Expired)
> >
> > If its inproc, you can do it in Global.asax file
(I think that's where
> > it is), but if its out of proc (e.g. State Server
or SQL Server) you
> > won't have an opportunity to do anything with it.
> >
> >
> > Thanks,
> >
> > Shawn Wildermuth
> > Wildermuth Consulting Services, LLC
> > http://adoguy.com
> > C# MVP, MCSD.NET, Author and Speaker
> >
> >
> > > -----Original Message-----
> > > From: Discussion of building .NET
applications targeted for the Web
> > > [mailtoOTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of IMPlatform
> > > Sent: Tuesday, October 17, 2006 5:01 PM
> > > To: DOTNET-WEBDISCUSS.DEVELOP.COM
> > > Subject: Re: [DOTNET-WEB] Session State
(Expired)
> > >
> > > Apologies; Yes I was alluding to handling
session expires
> > and asking
> > > them to log in again. How do I do this? Is it
a simple case of
> > > handling destroyed/closed (hmm) in
global.asax
> > >
> > > Thanks
> > > Rob.
> > >
> > > -----Original Message-----
> > > From: Discussion of building .NET
applications targeted for the Web
> > > [mailtoOTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of Vivek Vaid
> > > Sent: Tuesday, October 17, 2006 12:03 AM
> > > To: DOTNET-WEBDISCUSS.DEVELOP.COM
> > > Subject: Re: [DOTNET-WEB] Session State
(Expired)
> > >
> > > Are you asking what behavior an application
should exhibit
> > to the user
> > > when session expires? or what asp.net does on
session expiration?
> > >
> > > The best way to handle session expiration
(from a user experience
> > > perspective) is to ask them to log in again
and let them continue
> > > working..
> > >
> > > as for the latter, asp.net stores the session
information
> > in different
> > > ways depending on how you configure teh
session (in memory, sql
> > > server, cookies
> > > etc) so there are different things you can do
with that
> > data when it
> > > expires..
> > >
> > > On 10/15/06, Robert Rolls
<Robert.Rollsdevnet.ato.gov.au> wrote:
> > > >
> > > > What's the best way to handle session
state that's
> > expired? What is
> > > > the usual processing that ASP.Net
performs (if any)
> > > >
> > > >
> > > >
> > > > Regards
> > > >
> > > > Rob.
> > > >
> > > >
> > > > ===================================
> > > > This list is hosted by DevelopMentor(r)
http://www.develop.com
> > > >
> > > > View archives and manage your
subscription(s) at
> > > > http://discuss.develop.com
> > > >
> > >
> > > ===================================
> > > This list is hosted by DevelopMentorR http://www.develop.com
> > >
> > > View archives and manage your subscription(s)
at
> > > http://discuss.develop.com
> > >
> > > ===================================
> > > This list is hosted by DevelopMentor. http://www.develop.com
> > >
> > > View archives and manage your subscription(s)
at
> > > http://discuss.develop.com
> > >
> >
> > ===================================
> > This list is hosted by DevelopMentor(r) http://www.develop.com
> >
> > View archives and manage your subscription(s) at
> > http://discuss.develop.com
> >
> > ===================================
> > This list is hosted by DevelopMentor. http://www.develop.com
> >
> > View archives and manage your subscription(s) at
> > http://discuss.develop.com
> >
>
> ===================================
> This list is hosted by DevelopMentor(r) http://www.develop.com
>
> View archives and manage your subscription(s) at http://discuss.develop.com
>
> ===================================
> This list is hosted by DevelopMentor. http://www.develop.com
>
> View archives and manage your subscription(s) at http://discuss.develop.com
>
> ===================================
> This list is hosted by DevelopMentor(r) http://www.develop.com
>
> View archives and manage your subscription(s) at http://discuss.develop.com
>
--
Kevin Jones
http://blogs.a
dvantaje.com/blog/kevin/
===================================
This list is hosted by DevelopMentorŪ http://www.develop.com
View archives and manage your subscription(s) at http://discuss.develop.com
|
|
| Session State (Expired) |
|
2006-11-10 09:05:30 |
We roll our own security - my primary problem is - is there
a way to know
whether a users session has expired on Page load or within
something else if
I'm storing session in an SQL database? I need to re-direct
the user to say
the default.aspx page.
-----Original Message-----
From: Discussion of building .NET applications targeted for
the Web
[mailtoOTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of Kevin Jones
Sent: Saturday, October 21, 2006 5:53 PM
To: DOTNET-WEBDISCUSS.DEVELOP.COM
Subject: Re: [DOTNET-WEB] Session State (Expired)
Rob,
what exactly do you want to do?
If you want to force the user to re-log in as soon as their
session has
expired then you cannot do that. The client and the server
are disconnected,
by the time the session has expired then the client may be
on a different
web site or may not even be there, you have no way to know
or control this.
If you want to know if the user hasa a session when they
connect then that
is an entirely different matter, you can simply look at the
session object
to work that out.
If you want to force the user to re-authenticate when their
session times
out then you can do that a few ways (from the server). Are
you using Forms
Authentication? or are you rolling your own?
On 10/18/06, IMPlatform <implatformnetspace.net.au> wrote:
> So the redirection to the log on page is done within
the client side
script?
>
> Rob.
>
> -----Original Message-----
> From: Discussion of building .NET applications targeted
for the Web
> [mailtoOTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of Mark Kucera
> Sent: Wednesday, October 18, 2006 11:08 PM
> To: DOTNET-WEBDISCUSS.DEVELOP.COM
> Subject: Re: [DOTNET-WEB] Session State (Expired)
>
> I haven't read anywhere that this was fixed in 2.0, but
I know in 1.x
> MS reluctantly divulged that you can't guaranty that
Session_OnEnd
> event will always be fired. There are a couple
instances, navigating
> to a new site in the same browser for instance that
won't cause a
> Session_OnEnd event handler to get called.
>
> If you are wanting to do something when the user's
session has timed
> out, what I've done in the past is to use a javascript
to set a time
> that displays a popup message to the user a minute or
two before the
> session is set to expire. The message tells them their
session is
> about to expire and to press ok to continue their
current session. It
> would only appear after x minutes of the user being
idle, and when
> they press ok, just have the current page reload, if
they do it before
> the session expires then everything is good, otherwise
you can redirect
them to a login page.
>
> Good Luck
> MK
>
>
> -----Original Message-----
> From: Discussion of building .NET applications targeted
for the Web
> [mailtoOTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of Shawn Wildermuth
> Sent: Tuesday, October 17, 2006 10:36 PM
> To: DOTNET-WEBDISCUSS.DEVELOP.COM
> Subject: Re: [DOTNET-WEB] Session State (Expired)
>
> You should look at the Session_OnEnd Event.
>
>
> Thanks,
>
> Shawn Wildermuth
> Wildermuth Consulting Services, LLC
> http://adoguy.com
> C# MVP, MCSD.NET, Author and Speaker
>
>
> > -----Original Message-----
> > From: Discussion of building .NET applications
targeted for the Web
> > [mailtoOTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of Robert Rolls
> > Sent: Tuesday, October 17, 2006 10:10 PM
> > To: DOTNET-WEBDISCUSS.DEVELOP.COM
> > Subject: Re: [DOTNET-WEB] Session State (Expired)
> >
> > Sorry Sean,
> >
> > Will I get an event in the page load or just a
unhandled exception?
> >
> > Rob.
> >
> >
> > -----Original Message-----
> > From: Discussion of building .NET applications
targeted for the Web
> > [mailtoOTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of Shawn
> > Wildermuth
> > Sent: Wednesday, 18 October 2006 12:01 PM
> > To: DOTNET-WEBDISCUSS.DEVELOP.COM
> > Subject: Re: [DOTNET-WEB] Session State (Expired)
> >
> > If its inproc, you can do it in Global.asax file
(I think that's
> > where it is), but if its out of proc (e.g. State
Server or SQL
> > Server) you won't have an opportunity to do
anything with it.
> >
> >
> > Thanks,
> >
> > Shawn Wildermuth
> > Wildermuth Consulting Services, LLC
> > http://adoguy.com
> > C# MVP, MCSD.NET, Author and Speaker
> >
> >
> > > -----Original Message-----
> > > From: Discussion of building .NET
applications targeted for the
> > > Web [mailtoOTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of
> > > IMPlatform
> > > Sent: Tuesday, October 17, 2006 5:01 PM
> > > To: DOTNET-WEBDISCUSS.DEVELOP.COM
> > > Subject: Re: [DOTNET-WEB] Session State
(Expired)
> > >
> > > Apologies; Yes I was alluding to handling
session expires
> > and asking
> > > them to log in again. How do I do this? Is it
a simple case of
> > > handling destroyed/closed (hmm) in
global.asax
> > >
> > > Thanks
> > > Rob.
> > >
> > > -----Original Message-----
> > > From: Discussion of building .NET
applications targeted for the
> > > Web [mailtoOTNET-WE
BDISCUSS.DEVELOP.COM] On Behalf Of Vivek
> > > Vaid
> > > Sent: Tuesday, October 17, 2006 12:03 AM
> > > To: DOTNET-WEBDISCUSS.DEVELOP.COM
> > > Subject: Re: [DOTNET-WEB] Session State
(Expired)
> > >
> > > Are you asking what behavior an application
should exhibit
> > to the user
> > > when session expires? or what asp.net does on
session expiration?
> > >
> > > The best way to handle session expiration
(from a user experience
> > > perspective) is to ask them to log in again
and let them continue
> > > working..
> > >
> > > as for the latter, asp.net stores the session
information
> > in different
> > > ways depending on how you configure teh
session (in memory, sql
> > > server, cookies
> > > etc) so there are different things you can do
with that
> > data when it
> > > expires..
> > >
> > > On 10/15/06, Robert Rolls
<Robert.Rollsdevnet.ato.gov.au> wrote:
> > > >
> > > > What's the best way to handle session
state that's
> > expired? What is
> > > > the usual processing that ASP.Net
performs (if any)
> > > >
> > > >
> > > >
> > > > Regards
> > > >
> > > > Rob.
> > > >
> > > >
> > > > ===================================
> > > > This list is hosted by DevelopMentor(r)
http://www.develop.com
> > > >
> > > > View archives and manage your
subscription(s) at
> > > > http://discuss.develop.com
> > > >
> > >
> > > ===================================
> > > This list is hosted by DevelopMentorR http://www.develop.com
> > >
> > > View archives and manage your subscription(s)
at
> > > http://discuss.develop.com
> > >
> > > ===================================
> > > This list is hosted by DevelopMentor. http://www.develop.com
> > >
> > > View archives and manage your subscription(s)
at
> > > http://discuss.develop.com
> > >
> >
> > ===================================
> > This list is hosted by DevelopMentor(r) http://www.develop.com
> >
> > View archives and manage your subscription(s) at
> > http://discuss.develop.com
> >
> > ===================================
> > This list is hosted by DevelopMentor. http://www.develop.com
> >
> > View archives and manage your subscription(s) at
> > http://discuss.develop.com
> >
>
> ===================================
> This list is hosted by DevelopMentor(r) http://www.develop.com
>
> View archives and manage your subscription(s) at
> http://discuss.develop.com
>
> ===================================
> This list is hosted by DevelopMentor. http://www.develop.com
>
> View archives and manage your subscription(s) at
> http://discuss.develop.com
>
> ===================================
> This list is hosted by DevelopMentor(r) http://www.develop.com
>
> View archives and manage your subscription(s) at
> http://discuss.develop.com
>
--
Kevin Jones
http://blogs.a
dvantaje.com/blog/kevin/
===================================
This list is hosted by DevelopMentorR http://www.develop.com
View archives and manage your subscription(s) at http://discuss.develop.com
===================================
This list is hosted by DevelopMentorŪ http://www.develop.com
View archives and manage your subscription(s) at http://discuss.develop.com
|
|
[1-2]
|
|