How can I redirect to a page when the user session expires?

Question

I am currently working on an web application that uses ASP.NET 2.0 framework. I need to redirect to a certain page, say SessionExpired.aspx, when the user session expires. T

Answer 1

You can't redirect the user when the session expires because there's no browser request to redirect:

• If the user visits your site within the session timeout (20 minutes by default), the session hasn't ended, therefore you don't need to redirect them.
• If the user visits your site after the session has timed out, the session has already ended. This means that they will be in the context of a new session - Session_OnEnd will already have fired for the old session and instead you'll be getting Session_OnStart for the new session.

Other than a client-side feature (eg JavaScript timer etc), you therefore need to handle the redirect in a Session_OnStart instead - but obviously you need to distinguish this from someone coming to the site afresh. One option is to set a session cookie when their session starts (ie a cookie with no expiry so that it only lasts until the browser is closed), then look for that cookie in Session_OnStart - if it's present it is a returning user with an expired session, if not it's a new user.

Obviously you can still use Session_OnEnd to tidy up on the server side - it's just the client interaction that isn't available to you.