<< Why not to depend on client side validation | Home | Canadian Law and the Internet Part 1 >>

Determining if a session has expired

The first thing to discuss is Session.IsNewSession() this returns true if a session was just created on this request.

On the first request to a page this will return true.
durring the session it will return false
after a timeout error occurs this will also return true (the session no longer exists so it gets recreated).

So we know that if IsNewSession() returns true that either this is a new request or the session has timed out.

Now the way that sessions work is the server sends the browser a cookie with the session ID. On every request the client sends this cookie and the server loads your session.

On the first request to a page the browser will not send a cookie
durring the session it will send the cookie
after a timout occurs it will still send the cookie

So now we can determine if we have a timeout by using this code:

If Session.IsNewSession Then
Dim strCookieHeader As String = Request.Headers("Cookie")
If strCookieHeader.Length > 0 AndAlso strCookieHeader.IndexOf("ASP.NET_SessionId") > 0 Then
'redirect to timeout page here
end if

I put this code into a basepage that all of my pages that use session data inherit from.

Print | posted on Tuesday, May 16, 2006 1:23 AM

Comments

No comments posted yet.

My Links

Recent Comments

Determining if a session has expired