Saturday 10 December 2011

Base Page For Detecting Session Timeout in ASP.Net/C#



In this tutorial we will be going over how to create a base page class to handle your sessions. The number one question I get asked time and time again is how to manage sessions, and how to detect if a session has expired. Back in the days before .Net things were a little more complicated when it came to solving this riddle, but with the advent of the .Net Framework 2.0 a new class was introduced, the HttpSessionState Class, which is a member of the System.Web.SessionState Namespace. The new HttpSessionState Class gives us access to session state items and other lifetime management methods.

One of the items in the
HttpSessionState class we will be looking at is the IsNewSession Property. This property lets us know whether the current session was created wtih the current request, or if it was an existing session. This is invaluable as we can use it to determine if the users session had expired or timed out. The IsNewSession Property is more robust and advanced then simply checking if the session is null because it takes into account a session timeout as well.

In this tutorial we will create a base page class that we can inherit all our pages from, and in this class we will check the status of the users session in the
Page.OnInit Method. The OnOnit Method fires before the Page Load Event, giving us the ability to check the session before the page is actually rendered. So lets get to some code.

The first thing we will need to do, as with any class you create, is to make sure we have a reference to the appropriate Namespaces. For our class we need but 2 Namespaces, the
System.Web.UI Namespace and the System Namespace, so lets add them to our class.

NOTE:
All Namespace references need to come before the declaration of your class.

csharp
  1. using System;  
  2. using System.Web.UI;  


using System;

using System.Web.UI;



Now we are going to declare our class, the class in this example is named
SessionCheck, and it looks like

csharp
  1. public class SessionCheck: System.Web.UI.Page  
  2. {  
  3.   
  4. }  


public class SessionCheck: System.Web.UI.Page

{

  

}



You will notice that our base class, which we will be inheriting from, inherits from the System.Web.UI.Page class. Doing this gives us access to all the methods, properties and events of the
Page class. In our base class we will have a single property, this will be the property that will hold the URL we want the user to redirect to if there is a problem with their session. We make this property static so we can access it without having to create an instance of the class. We dont want to have to do this because we are inheriting from it. This is our property

csharp
  1. /// <summary>  
  2. /// property vcariable for the URL Property  
  3. /// </summary>  
  4. private static string _url;  
  5.   
  6. /// <summary>  
  7. /// property to hold the redirect url we will  
  8. /// use if the users session is expired or has  
  9. /// timed out.  
  10. /// </summary>  
  11. public static string URL  
  12. {  
  13.     get { return _url; }  
  14.     set { _url = value; }  
  15. }  


/// <summary>

/// property vcariable for the URL Property

/// </summary>

private static string _url;

  

/// <summary>

/// property to hold the redirect url we will

/// use if the users session is expired or has

/// timed out.

/// </summary>

public static string URL

{

    get { return _url; }

    set { _url = value; }

}



Now that we have our property out of the way, we will look at the only method of our base class, the
OnInit Method, which we will override in order to add our ow functionality. In this method we will also initialize our base class, you do that with this line
csharp
  1. base.OnInit(e);  


base.OnInit(e);



In our
OnInit Method we will first check to see if the current session is null. If the session is null we then will check the IsNewSession Property to see if this session was created in this request. If we determine the session is a new session, we will then cal upon the Headers Property of the HttpRequest Class, which is located in the System.Web Namespace.

The
Header we are retrieving is the Cookie Header. Once we have this, we will first check to see if it's null, if it's not null we will look for the value ASP.Net_SessionId. Now if we make it this far, and that cookie exists, we know the session has timed out, so we will then redirect the user to our redirect page, which is set with the URL Property. So lets take a look at our new OnInit Method:

csharp
  1. override protected void OnInit(EventArgs e)  
  2. {  
  3.     //initialize our base class (System.Web,UI.Page)  
  4.     base.OnInit(e);  
  5.     //check to see if the Session is null (doesnt exist)  
  6.     if (Context.Session != null)  
  7.     {  
  8.         //check the IsNewSession value, this will tell us if the session has been reset.  
  9.         //IsNewSession will also let us know if the users session has timed out  
  10.         if (Session.IsNewSession)  
  11.         {  
  12.            //now we know it's a new session, so we check to see if a cookie is present  
  13.             string cookie = Request.Headers["Cookie"];  
  14.             //now we determine if there is a cookie does it contains what we're looking for  
  15.             if ((null != cookie) && (cookie.IndexOf("ASP.NET_SessionId") >= 0))  
  16.             {  
  17.                 //since it's a new session but a ASP.Net cookie exist we know  
  18.                 //the session has expired so we need to redirect them  
  19.                 Response.Redirect("Default.aspx?timeout=yes&success=no");  
  20.             }  
  21.         }  
  22.     }  
  23. }  


override protected void OnInit(EventArgs e)

{

    //initialize our base class (System.Web,UI.Page)

    base.OnInit(e);

    //check to see if the Session is null (doesnt exist)

    if (Context.Session != null)

    {

        //check the IsNewSession value, this will tell us if the session has been reset.

        //IsNewSession will also let us know if the users session has timed out

        if (Session.IsNewSession)

        {

           //now we know it's a new session, so we check to see if a cookie is present

            string cookie = Request.Headers["Cookie"];

            //now we determine if there is a cookie does it contains what we're looking for

            if ((null != cookie) && (cookie.IndexOf("ASP.NET_SessionId") >= 0))

            {

                //since it's a new session but a ASP.Net cookie exist we know

                //the session has expired so we need to redirect them

                Response.Redirect("Default.aspx?timeout=yes&success=no");

            }

        }

    }

}



That's it, we have completed our base class which all our web forms will inherit from, allowing us to keep an eye on the users session. Now that we have the class completed we need to use it. Before it can be affected we need to do 1 of 2 things
  1. Add EnableSessionState = true to the @Page directive on all pages that will inherit from our base class or
  2. Add the following line to the <system.web> section of our web.config file:

CODE

<pages autoEventWireup="true" enableSessionState="true" enableViewState="true" enableViewStateMac="true" smartNavigation="true" validateRequest="false" />
Number 2 on that list will enable session state on all pages in the web. If you dont access session items in each of your pages, this might be overkill. Next we will need to inherit from our base class. Doing this will give our web form the following declaration

csharp
  1. public partial class _Default : SessionCheck  
  2. {  
  3.   
  4. }  


public partial class _Default : SessionCheck

{

  

}



Then in the
Page_Load Event we will set the redirect URL for our base class

csharp
  1. protected void Page_Load(object sender, EventArgs e)  
  2. {  
  3.     SessionCheck.URL = "Default.aspx";  
  4. }  


protected void Page_Load(object sender, EventArgs e)

{

    SessionCheck.URL = "Default.aspx";

}


Now here is the entire base page in its entirety


csharp
  1. // ********************************************************************************  
  2. *********  
  3. //                           LICENSE INFORMATION  
  4. // ********************************************************************************  
  5. *********  
  6. //   SessionCheck Version 1.0.0.0  
  7. //   A Base Page class for detecting session time outs  
  8. //  
  9. //   Copyright © 2008    
  10. //   Richard L. McCutchen   
  11. //   Created: 05MAR08  
  12. //  
  13. //   This program is free software: you can redistribute it and/or modify  
  14. //   it under the terms of the GNU General Public License as published by  
  15. //   the Free Software Foundation, either version 3 of the License, or  
  16. //   (at your option) any later version.  
  17. //  
  18. //   This program is distributed in the hope that it will be useful,  
  19. //   but WITHOUT ANY WARRANTY; without even the implied warranty of  
  20. //   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the  
  21. //   GNU General Public License for more details.  
  22. //  
  23. //   You should have received a copy of the GNU General Public License  
  24. //   along with this program.  If not, see <http://www.gnu.org/licenses/>.  
  25. // ********************************************************************************  
  26. *********  
  27.   
  28. using System;  
  29. using System.Web.UI;  
  30.   
  31. /// <summary>  
  32. /// This is a custom "base page" to inherit from which will be used  
  33. /// to check the session status. If the session has expired or is a timeout  
  34. /// we will redirect the user to the page we specify. In the page you use  
  35. /// to inherit this from you need to set EnableSessionState = True  
  36. /// </summary>  
  37. public class SessionCheck : System.Web.UI.Page  
  38. {  
  39.     /// <summary>  
  40.     /// property vcariable for the URL Property  
  41.     /// </summary>  
  42.     private static string _redirectUrl;  
  43.   
  44.     /// <summary>  
  45.     /// property to hold the redirect url we will  
  46.     /// use if the users session is expired or has  
  47.     /// timed out.  
  48.     /// </summary>  
  49.     public static string RedirectUrl  
  50.     {  
  51.         get { return _redirectUrl; }  
  52.         set { _redirectUrl = value; }  
  53.     }  
  54.   
  55.     public SessionCheck()  
  56.     {  
  57.         _redirectUrl = string.Empty;  
  58.     }  
  59.   
  60.     override protected void OnInit(EventArgs e)  
  61.     {  
  62.         //initialize our base class (System.Web,UI.Page)  
  63.         base.OnInit(e);  
  64.         //check to see if the Session is null (doesnt exist)  
  65.         if (Context.Session != null)  
  66.         {  
  67.             //check the IsNewSession value, this will tell us if the session has been reset.  
  68.             //IsNewSession will also let us know if the users session has timed out  
  69.             if (Session.IsNewSession)  
  70.             {  
  71.                //now we know it's a new session, so we check to see if a cookie is present  
  72.                 string cookie = Request.Headers["Cookie"];  
  73.                 //now we determine if there is a cookie does it contains what we're looking for  
  74.                 if ((null != cookie) && (cookie.IndexOf("ASP.NET_SessionId") >= 0))  
  75.                 {  
  76.                     //since it's a new session but a ASP.Net cookie exist we know  
  77.                     //the session has expired so we need to redirect them  
  78.                     Response.Redirect("Default.aspx?timeout=yes&success=no");  
  79.                 }  
  80.             }  
  81.         }  
  82.     }  
  83. }  


// ********************************************************************************

*********

//                           LICENSE INFORMATION

// ********************************************************************************

*********

//   SessionCheck Version 1.0.0.0

//   A Base Page class for detecting session time outs

//

//   Copyright © 2008  

//   Richard L. McCutchen 

//   Created: 05MAR08

//

//   This program is free software: you can redistribute it and/or modify

//   it under the terms of the GNU General Public License as published by

//   the Free Software Foundation, either version 3 of the License, or

//   (at your option) any later version.

//

//   This program is distributed in the hope that it will be useful,

//   but WITHOUT ANY WARRANTY; without even the implied warranty of

//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

//   GNU General Public License for more details.

//

//   You should have received a copy of the GNU General Public License

//   along with this program.  If not, see <http://www.gnu.org/licenses/>.

// ********************************************************************************

*********

  

using System;

using System.Web.UI;

  

/// <summary>

/// This is a custom "base page" to inherit from which will be used

/// to check the session status. If the session has expired or is a timeout

/// we will redirect the user to the page we specify. In the page you use

/// to inherit this from you need to set EnableSessionState = True

/// </summary>

public class SessionCheck : System.Web.UI.Page

{

    /// <summary>

    /// property vcariable for the URL Property

    /// </summary>

    private static string _redirectUrl;

  

    /// <summary>

    /// property to hold the redirect url we will

    /// use if the users session is expired or has

    /// timed out.

    /// </summary>

    public static string RedirectUrl

    {

        get { return _redirectUrl; }

        set { _redirectUrl = value; }

    }

  

    public SessionCheck()

    {

        _redirectUrl = string.Empty;

    }

  

    override protected void OnInit(EventArgs e)

    {

        //initialize our base class (System.Web,UI.Page)

        base.OnInit(e);

        //check to see if the Session is null (doesnt exist)

        if (Context.Session != null)

        {

            //check the IsNewSession value, this will tell us if the session has been reset.

            //IsNewSession will also let us know if the users session has timed out

            if (Session.IsNewSession)

            {

               //now we know it's a new session, so we check to see if a cookie is present

                string cookie = Request.Headers["Cookie"];

                //now we determine if there is a cookie does it contains what we're looking for

                if ((null != cookie) && (cookie.IndexOf("ASP.NET_SessionId") >= 0))

                {

                    //since it's a new session but a ASP.Net cookie exist we know

                    //the session has expired so we need to redirect them

                    Response.Redirect("Default.aspx?timeout=yes&success=no");

                }

            }

        }

    }

}

And there you have it, a custom base class that you can use to detect session timeouts. I hope you found this tutorial helpful and useful, and thank you for reading smile.gif

Happy Coding!

No comments:

Post a Comment