Problems with Session.IsNewSession - please help

Problems with Session.IsNewSession - please help

Post by rsouz » Fri, 15 Dec 2006 22:04:19


Recently here in my work we added the following code in the Global.asax
file to handled the session expired and redirect users to the home of
the site explaining them the occurred (some thing like "Your session
has expired, please restart your navigation.").

public void Session_Start(Object sender, EventArgs e) {

if(Session.IsNewSession && Request.Headers["Cookie"] != null &&
Request.Headers["Cookie"].IndexOf("ASP.NET_SessionId") >= 0)
// when the param "timeout" exists in the url the user
receives the message "... Session expired ..."

In our tests the code above works fine, but now sometimes we open the
browser, type the url address of the site and the message "... session
expired ..." appears. This occurs just in some machines and not all the
times we access the site.

Someone knows what is happening??



Problems with Session.IsNewSession - please help

Post by Peter Brad » Fri, 15 Dec 2006 23:26:57

This is completely off the top of my head, so I may be way out.

Firstly, I'm not sure that this is best way of achieving what you seem to be
after. What we do is to check for session timeouts in the page load event
on each page of our applications (using Session.IsNewSession()). If it's a
new session, we set a flag (either in a custom object, or in the Session)
and redirect the user to the login page, which checks for the existence of
the flag.

Looking at your code, you need to check each element in your if statement to
see why all of them are true.

It appears to me that Session.IsNewSession will always be true in the
Session_Start event handler. If the Session wasn't new, it presumably
wouldn't be starting. So your problem, if you must use the Session_Start
event, really is in knowing why the other two conditions are true.

But as I said, this is right off the top of my head.



Problems with Session.IsNewSession - please help

Post by Mark Ra » Sat, 16 Dec 2006 01:52:07

Get rid of the check for the cookie - it's not necessary.