Session Timeout and Page Redirecting Problem

Question

5.00/5 (1 vote)

See more:

Hi,

In the application I develop, I want to start session when user log in and to end when user log out or session timeouts.

I added the following code in web.config file,

HTML

<system.web> 
<sessionstate mode="InProc" cookieless="false" timeout="1"></sessionstate> 
<authentication mode="Forms"> 
<forms timeout="1"></forms> 
</authentication> 
</system.web>

I controlled the user login at login.aspx;

SqlConnection myConnect = new SqlConnection(); 
myConnect.ConnectionString = "Data Source=localhost; database=myWebSite; Integrated Security=true"; 
myConnect.Open(); 
SqlDataReader rd; 
String sqlString = "Select * From user where user_name= @userName and user_password= @userPassword"; 

SqlCommand myCommand = new SqlCommand(sqlString, myConnect); 
SqlParameter p1 = new SqlParameter("@userName", txt_userName.Text); 
SqlParameter p2 = new SqlParameter("@userPassword", txt_userPassword.Text); 

myCommand.Parameters.Add(p1); 
myCommand.Parameters.Add(p2); 
rd= myCommand.ExecuteReader(); 
if (rd.Read()) 
{ 
lbl_alert.Text ="Welcome" + rd["user_name"].ToString();
lbl_alert.Visible = true; 
Session["userID"] = rd["userId"].ToString(); 
if (Session["logged"] != null) 
{ 
Session["logged"] = 1; 
} 
} 
else 
{ 
lbl_alert.Text = "Wrong User name or Password!.."; 
lbl_alert.Visible = true; 
} 
rd.Dispose(); 
myConnect.Close();

At global.asax, I added the following code in functions

void Session_Start(object sender, EventArgs e)
{
       if ((Convert.ToInt32(Session[logged])==1)
          Response.Redirect("Home.aspx");
}

void Session_End(object sender, EventArgs e)
{
    if ((Convert.ToInt32(Session["logged"])!=1)
       Response.Redirect("Login.aspx");
}

When user logged in ,it doesn't direct the user to home page as I set in the code.And after 1 minute when I refresh the page ,again it doesn't redirect the user to login page.Also, I changed the timeout property to 1 minute at IIS side.

What should I do?

Thanks in advance for your replies..

Posted 7-Aug-11 10:40am

no_-_namee

Updated 7-Aug-11 11:30am

Not Active

v4

Add a Solution

Comments

[no name] 7-Aug-11 17:30pm

Format code snippets

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Not Active · Accepted Answer · 2011-08-07T11:39:00

Please view the ASP.NET page life cycle. The session has been started before the login page is processed. Seems logical right? How could you access a Session variable without the session having been started already?

Redirect the user after they have successfully logged in.

Also, this check should be made much earlier. Why go through the database call if the user is already logged in?

if(Session["logged"] != null)

Most importantly, you would be much better off using the built-in ASP.NET login controls and functionality. The session state and redirects would be handled automatically as configured in the web.config file.