Search This Blog

Wednesday, October 14, 2009

ASP.Net - Session Detection and Timeout in masterpages (

I have spent some time tracking down and implementing a solution to detect if a session exists for a user and if so wether it has timed out. If either is true a redirection occurs to the homepage.

I found an article on this that I reference here, I have modified it slightly to accommodate master pages but in essence it is the same. I recommend you read this article as it gives a lot of in depth explanation about its function that I won’t do here.

Now in the above article it talks about creating a custom base page class that inherits from the System.Web.UI.Page class that all pages (aspx) inherit from normally. If you use this method you would have to change any existing pages to inherit from this new custom class. I had a few pages and did not really want to have to do this so I modified the above example to utilise the masterpage that I was using throughout my site.

Create a class file in your App_Code folder called BaseMasterPage.

Imports Microsoft.VisualBasic
Public Class BaseMasterPage
    Inherits System.Web.UI.MasterPage
    Protected Overloads Overrides Sub OnInit(ByVal e As EventArgs)
        If Context.Session IsNot Nothing Then
            If Session.IsNewSession Then
                Dim szCookieHeader As String = Request.Headers("Cookie")
                If (szCookieHeader IsNot Nothing) AndAlso (szCookieHeader.IndexOf("ASP.NET_SessionId") >= 0) Then
                    'The session appears to have timedout, show message to that effect
                    'The page below sessionTimeout.aspx, display message then redirects using a meta refresh.
                    'redirect straight to front page if not timeout. This will capture if someone is trying to jump into the site
                End If
            End If
        End If
    End Sub
End Class

Open your codebehind masterPage file (e.g. Masterpage.master.vb) and change the following line from

Inherits System.Web.UI.MasterPage


Inherits BaseMasterPage

This means your masterpage is now inheriting from your custom class and not the default.

Create a sessionTimeOut page (does not have to an aspx can be straight html) but include the following in the head section, this will redirect the page after a set amount of time. Remember to also have a link to the page displayed incase the redirection fails for some reason.

<meta http-equiv="refresh" content="5;URL=/default.aspx">

if you are not redirected in 5 seconds please click

<a href="/defaults.aspx">here</a>

And that should be it. Now on any page that references the masterpage you will have a session check. It will check for a session startup event (without an existing session) and redirect to the homepage (or whatever page you decide). And also detect as session timeout and redirect to the homepage via a message.



1 comment:

  1. Hi, believe it or not, this is the only solution that has worked for me so far since I use a custom forms authentication and some values from the session. However, do you know were I can find more documentation concerning the relationship between forms authentication timeout and session timeout?