ASP.NET Detect and alert forms authentication timeout
1. Add sessionState to web.config
<system.web>
<sessionStatetimeout="1"mode="InProc" /> <!--minutes e.g. 120 = 2 hours-->
2. Add FormsAuthentication to web.config
<authenticationmode="Forms">
<!--timeout minutes (needs to be the same as in sessionState above) e.g. 120 = 2 hours-->
<!--loginUrl - destination when FormsAuthentication Times out -->
<!--defaultUrl - where FormsAuthentication.RedirectFromLoginPage goes, unless user overrode with valid URL in browser-->
<formsloginUrl="~/Forms/Logon.aspx"
defaultUrl="~/Forms/OrderCreate.aspx?TimeOut=True"
protection="All"
timeout="1"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"/>
</authentication>
3. On Session_Start, detect session timeout and set a “CatchTimeOut” session variable
void Session_Start(object sender, EventArgs e)
{
// Code that runs when a new session is started
// no - Response.Cookies["CoprSession"].Value = ""; //.Expires = DateTime.Now.AddDays(5000);
//This is obviously a new session being created; it can be
//created at the first hit of a user, or when the user
//previous session has expired (timeout). We are only interested
//in the timeout scenario, so we look at the request cookies
//and if we have a previous session ID cookie, it means this is a
//new session due to the timing out of the old one.
//Note: slight problem here: in .Net 2.0 the ASP Session ID
//cookie name is configurable, but we don't have a way to
//retrieve that from the web.config - so if you customize
//the session cookie name in the web.config you'll have to
//use the same name here.
string request_cookies = Request.Headers["Cookie"];
if ((null != request_cookies) &&
(request_cookies.IndexOf("ASP.NET_SessionId") >= 0))
{
//cookie existed, so this new one is due to timeout.
//Redirect the user to the login page
//System.Diagnostics.Debug.WriteLine("Session expired!");
//Response.Redirect(Constants.HOME_PAGE + "?" +
// Constants.PARAM_REQUEST + "=" +
// Constants.PARAM_REQUEST_VALUE_TIMEOUT);
Session[“CatchTimeOut”] = true;
}
}
4. Create a base page to query the “CatchTimeOut” session variable and do a javascript alert
public class _BasePage : System.Web.UI.Page
{
protected override void OnLoad(EventArgs e)
{
// Be sure to call the base class's OnLoad method!
base.OnLoad(e);
//-----------------------------------------------------------------------
//
//-----------------------------------------------------------------------
if (Session[“CatchTimeOut”])
{
Session[“CatchTimeOut”] = false;
string strScript = "<script>alert('Your web session timed out.');</script>";
Page.ClientScript.RegisterStartupScript(this.Page.GetType(), "ShowInfo", strScript);
}
}
}
5. Inherit base page wherever base behavior is needed
· public partial class LnumberSearch : _BasePage
· {