[seemagaur]

I am doing a website with asp.net. i have used session variable in my GLOBAL.ASAX file. the code is given below:

Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
Session.Timeout = 100
Session("Loggedin") = "No"
End Sub

Sub Session_End(Sender As Object, E As EventArgs)
' Code that runs when a session ends

Session.Abandon()
Response.Redirect("index.aspx")
End Sub
----------------------------------------------------------
And in WEB.CONFIG i have used the following information inside <system.web> tag :

<sessionState mode="InProc"
cookieless="false"
timeout="100"/>

<pages buffer="false"
enableSessionState="true"
smartNavigation="false"
autoEventWireup="true"
validateRequest="false"
enableViewStateMac = "false"
enableViewState="true"/>
----------------------------------
I am storing the user details in sql database.
In the login page when theuser enter the usernam and pwd i check with the backend for valid username and pwd. Then i assign

session variable values if valid else i dont let it.
And then in every page i check if session variable is valid if not i do a server.transfer("index.aspx") to the login page.

Here, index.aspx is my login page.
This below code is included in every page after a succesful login to check for valid user. other than that 8i have not put

anyother check to find out valid user.
----------
Sub Page_Load(Sender As Object, E As EventArgs)
if Session("Loggedin") = "No" then
server.transfer("index.aspx")
end if
end sub
----------

Even after using these things when i login suddenly after a minute i am logged out though i am adding/deleting/viewing

records at the moment.
Please please tell me where i am going wrong. I have to give this project to my boss soon and i am stuck here since i am not

able find out the problem why the session expires and i am logged out and send back to the login page.
Seema

(Mail ID: gaur.seema at rediffmail.com)

[rrhodes]

Hi seemagaur,

I can't see any immediate problems with your code, but my techniques for doing the same are different:

1) Don't mess with Session_Start and Session_End events (you've already got the redirect in your page check, and your code in Session_End seems redundant compared to the rest).

2) In your login script, set your Session("Loggedin") = "Yes" after successful login.

3) In your page test for being logged in, make your test check for whether they have logged in (not that they haven't logged in). That is, if they have not logged in, no session var will be set and you can first check the var to not be "IsEmpty()" and then check for a value of "Yes". Comparing an empty session var against "Loggedin" = "No" will probably not evaluate if the session var is empty.

As for the timing out after a minute - I'm not sure. Keep in mind the following factors could restart your application if in a shared development enviroment and drop your session: 1) Saving new web.config or machine.config, 2) rebuilding the application, 3) restartig IIS

Maybe some of that will help.

[seemagaur]

thanks robert

I tried it and it seems that it is working..i will make someone else also cross check coz i cant believe it that it is working.have been struggling with this problem even after finishing my work on time. There is one other problem though. When i login and click any hyperlink then the address bar shows the page link of the page i am navigating to which is correct but even when i come back to the index page it still shows the old page link in the Address bar. Any idea why? and how i can correct it?

Once again thanks for your help
Seema

[rrhodes]

I believe Server.Transfer tends not to change the URL, and Response.Redirect will change it. There are pros and cons of each method (but I forget what they are, you might searh on them).