1

Weird problem here, we're running a few mixed environment web applications, that use Windows or Forms authentication depending on where the user comes from.

I'm curious how everyone else might be handling expired sessions to avoid the errors you would get from someone leaving an idle session open for too long and then trying to resume work, mainly looking for best practices on the subject.

Any suggestions or opinions would be greatly appreciated.

Thanks,

thismat
  • 2,096
  • 17
  • 24

2 Answers2

1

I'm not sure how your authentication method affects session timeouts, the mechanism they use to get in shouldn't affect how long they can stay in.

Generally speaking, if someone does have an expired session, you can add code to check to see if their session is active. If it isn't, just redirect them to a login page, or display some other friendly text.

Basically something like:

if (Session.IsNewSession) 
   Response.Redirect("login.aspx");
AaronS
  • 7,649
  • 5
  • 30
  • 56
  • Where would you suggest the DRYest place would be for that check? – thismat Apr 02 '09 at 18:47
  • It really depends on the structure of your site. If you use a master page, you could add it in it's Page_Load or Page_Init. If you have a shared user control, you can add it to it's Page_Init. You could also just add it manually to the Page_Load of every page that uses session data. – AaronS Apr 02 '09 at 19:08
  • I don't like the idea of maintaining something over that many pages, we're doing the master page and it's working out great, thanks. – thismat Apr 02 '09 at 19:26
0
  • Don't store unnecessary information on the session.
  • If you are storing something you can reload, have the appropriate code that will reload it if it wasn't found in the session
  • Consider if some processes are meant to be handled in long periods of time, in which case save intermediate info to the database.
  • If the user is doing a process that uses the session, and the data is missing, take them to step 1 (not much you can do about it, if you don't have the info elsewhere).
eglasius
  • 35,831
  • 5
  • 65
  • 110