This post illustrate the 3 main steps to manage session in Web Forms application. This is not the only one way to do this, but it’s easy and responsive to a better user experience.
Step 1
In the Global.asax.cs in the Session_Start event add this code:
// Code that runs when a new session is started
if (Context.Session != null)
{
if (Context.Session.IsNewSession)//|| Context.Session.Count==0)
{
string sCookieHeader = Request.Headers["Cookie"];
if ((null != sCookieHeader) && (sCookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
{
//if (Request.IsAuthenticated)
FormsAuthentication.SignOut();
Response.Redirect(Utility.Costants.PAGES_SESSIONEXPIRED);
}
}
}
and also in the Session_End event
Session.Clear();
Step 2
Add this in the web.config
<sessionState
mode="InProc"
timeout="30">
<providers>
<clear/>
</providers>
</sessionState>
Step 3
Create a custom Logout page and add this snippet on the Page_Load
if (User.Identity.IsAuthenticated)
{
Session.Clear();
Session.Abandon();
Request.Cookies.Clear();
FormsAuthentication.SignOut();
}
Enjoy!
