Manage Session in Asp.Net application

This post illustrate the 3 main steps to manage session in Web Forms application. This is not the only one way to do this, but it’s easy and responsive to a better user experience.

Step 1

In the Global.asax.cs in the Session_Start event add this code:

// Code that runs when a new session is started
if (Context.Session != null)
{
    if (Context.Session.IsNewSession)//|| Context.Session.Count==0)
    {
        string sCookieHeader = Request.Headers["Cookie"];
        if ((null != sCookieHeader) && (sCookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
        {
           //if (Request.IsAuthenticated)
           FormsAuthentication.SignOut();
           Response.Redirect(Utility.Costants.PAGES_SESSIONEXPIRED);
        }
    }
}

and also in the Session_End event

Session.Clear();

Step 2

Add this in the web.config

<sessionState
        mode="InProc"
        timeout="30">
      <providers>
        <clear/>
      </providers>
    </sessionState>

Step 3

Create a custom Logout page and add this snippet on the Page_Load

if (User.Identity.IsAuthenticated)
{
    Session.Clear();
    Session.Abandon();
    Request.Cookies.Clear();
    FormsAuthentication.SignOut();
}

Enjoy!

Advertisements