Detecting Session Timeout in Asp.Net

I recently had the need in my Asp.Net Webforms application to determine if a Session Timeout had occurred while the user was logged in to the app. As you know, while working in a Line Of Business app, many users can be drawn away from the app for extended periods of time after logging in. Upon returning to the app and making their next postback (by clicking some link or button on the form), most applications will have a mechanism to check the timeout limit set in Web.config and force the user to login again if the timeout limit has been passed. This is a basic security mechanism that is broadly used in web apps, and I wanted this behavior in my application.

Well, it turns out there is no built-in event or flag in the .Net framework that indicates when a Session Timeout has occurred. As I began what I thought would be a routine Google search, I found various solutions offered up by many developers who I’m sure are much smarter than me. After filtering through all the variations and approaches I saw on the web, I have trimmed it down to a simple method that works well for me, so I wanted to offer it up here to help anyone else who may encounter this need. You can add this method to your base form or master page code behind.

This simple method will return true if a Session Timeout has occurred, or false if not. You can call this method and take the desired action if true is returned. In my case, I log the user out and redirect them to the login page, passing a querystring parameter that triggers my login page to notify the user what has happened.

Method CheckForSessionTimout():

public bool CheckForSessionTimeout()
{
  if (Context.Session != null && Context.Session.IsNewSession)
  {
    string cookieHeader = Page.Request.Headers["Cookie"];
    if ((null != cookieHeader) && (cookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
     return true;
    else
     return false;
   }
   else
    return false;
}

Here is how I call the above method from the OnInit() method of my MasterPage:

if (CheckForSessionTimeout())
{
 if (Page.Request.IsAuthenticated)
 {
   FormsAuthentication.SignOut();
 }
 NavigateToLoginPage(true);
}

And here is the code for my NavigateToLoginPage() method, where the parameter true means “alert the user that a timeout has occurred” :

public void NavigateToLoginPage(bool TimeOutHasOccurred)
{
  Response.Redirect("~/Login.aspx?mode=timeout");
}

image

On the Login.aspx page, I look for the QueryString parameter of “mode” with a value of “timeout” and display this beautiful yellow <div> to tell the user what has happened.

3 thoughts on “Detecting Session Timeout in Asp.Net”

  1. Hi
    cookieHeader.IndexOf(“ASP.NET_SessionId”) is returning always -1 ,hence false is returned always.

    I have declared in web.config. I waited for 1 min and also for default session time out value 20 min , but it dint worked for me . Please suggest me the solution for this .

Leave a Reply

Your email address will not be published. Required fields are marked *