Tallan's Technology Blog

Tallan's Top Technologists Share Their Thoughts on Today's Technology Challenges

Handle asp.net MVC session expiration

Craig Vallee

Here is a really simple way to handle a session expiration in asp.net MVC using a base controller.  Having all controller inherit from a basecontoller and overriding the OnActionExecuting event allows for checking the session before all actions are executed.

Here is the code

public class BaseController : Controller
{
    protected override void OnActionExecuting
        (ActionExecutingContext filterContext)
    {
        // If session exists
        if (filterContext.HttpContext.Session != null)
        {
            //if new session
            if (filterContext.HttpContext.Session.IsNewSession)
            {
                string cookie =
                    filterContext.HttpContext.Request.Headers["Cookie"];
                //if cookie exists and sessionid index is greater than zero
                if ((cookie !=null) &&
                    (cookie.IndexOf("ASP.NET_SessionId") >= 0))
                {
                    //redirect to desired session 
                    //expiration action and controller
                    filterContext.Result =
                        RedirectToAction("SessionExpired", "Home");
                    return;
                }
            }
        }
        //otherwise continue with action
        base.OnActionExecuting(filterContext);
    }
}
}

This simple but effective method ensures that no actions will be executed if the session has expired forcing the user to login again

-Craig

3 Comments. Leave new

Appreciate your sharing this ” Handle asp.net MVC session expiration “. Your website is very well made. I am just stunned at the details you’ve got in this net site. It divulges precisely how effectively you understand this specific matter. Just bookmarked http://blog.tallan.com/2010/06/25/handle-asp-net-mvc-session-expiration, will return for more information. I came across exactly the details I want immediately after browsing in all places and merely couldn’t obtain. What a great web page.

[…] Handle asp.net MVC session expiration There’s a lot more than meets the eye when you need to handle session and authentication timeout scenarios in ASP.NET MVC. […]

Hi,

I would love to manage custom behavior on my website. i have 2 cases:
1) i access to my website from another web site, in that case i don’t need to login because it will be done automatically. It is meaning that no login page will be shown on that case and the login will be done automatically even in the authentication tiemed out.

2) A User can access to my web site in the usual way by entering login and password and when the authentication is timed out, the user will need to reenter login and password

May you let me how to implement that ?

Regards

Xavier

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>