Tallan Blog

Tallan’s Experts Share Their Knowledge on Technology, Trends and Solutions to Business Challenges

Handle asp.net MVC session expiration

Here is a really simple way to handle a session expiration in asp.net MVC using a base controller.  Having all controller inherit from a basecontoller and overriding the OnActionExecuting event allows for checking the session before all actions are executed.

Here is the code

public class BaseController : Controller
    protected override void OnActionExecuting
        (ActionExecutingContext filterContext)
        // If session exists
        if (filterContext.HttpContext.Session != null)
            //if new session
            if (filterContext.HttpContext.Session.IsNewSession)
                string cookie =
                //if cookie exists and sessionid index is greater than zero
                if ((cookie !=null) &&
                    (cookie.IndexOf("ASP.NET_SessionId") >= 0))
                    //redirect to desired session 
                    //expiration action and controller
                    filterContext.Result =
                        RedirectToAction("SessionExpired", "Home");
        //otherwise continue with action

This simple but effective method ensures that no actions will be executed if the session has expired forcing the user to login again

Learn more about Tallan or see us in person at one of our many Events!

Share this post:

3 Comments. Leave new

Jeannetta Duttry
September 14, 2011 10:24 pm

Appreciate your sharing this ” Handle asp.net MVC session expiration “. Your website is very well made. I am just stunned at the details you’ve got in this net site. It divulges precisely how effectively you understand this specific matter. Just bookmarked http://blog.tallan.com/2010/06/25/handle-asp-net-mvc-session-expiration, will return for more information. I came across exactly the details I want immediately after browsing in all places and merely couldn’t obtain. What a great web page.

ASP.net MVC | Pearltrees
April 28, 2012 7:39 am

[…] Handle asp.net MVC session expiration There’s a lot more than meets the eye when you need to handle session and authentication timeout scenarios in ASP.NET MVC. […]


I would love to manage custom behavior on my website. i have 2 cases:
1) i access to my website from another web site, in that case i don’t need to login because it will be done automatically. It is meaning that no login page will be shown on that case and the login will be done automatically even in the authentication tiemed out.

2) A User can access to my web site in the usual way by entering login and password and when the authentication is timed out, the user will need to reenter login and password

May you let me how to implement that ?



Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>