Detecting Session expiry on ASP.NET MVC

CVertex picture CVertex · Sep 29, 2009 · Viewed 65.9k times · Source

I have built a shopping cart that uses Session State to keep the shopping cart data while the user is browsing the store.

I have an issue where if I leave the browser window open for a long time on step1 of the shopping cart, then press "go to step 2", my actions throw an error because the step2 action assumes the session hasn't expired and the ShopCart object is in the correct state.

I would like this scenario to be nicer for my users, but I think i need to somehow detect if the session has expired so that on next request I can throw them to Step1.

I found the following code that claims to to solve the problem, but it doesn't work for me.

The IsNewSession condition is true but the condition

if ((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0)) {
   // handle expired session
}

always returns false and it never handles the invalid session. I'm confused.

Is this possible in ASP.NET (and MVC)?

Answer

The King picture The King · Sep 29, 2009

Way 1

Put this code in the Init / Load event of Page 2...

        if (Context.Session != null)
        {
            if (Context.Session.IsNewSession)
            {
                string sCookieHeader = Request.Headers["Cookie"];
                if ((null != sCookieHeader) && (sCookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
                {

                    if (Request.IsAuthenticated)
                    {
                        FormsAuthentication.SignOut();
                    }
                    Response.Redirect("Error Page");
                }
            }
        }

Way 2

Alternative you can check whether the Session object exists before proceeding to work with it in Page 2, like this:

if (Session["Key"] != null)
{
   Object O1 = (Object) Session["Key"]; 
}
else
{
    Response.Redirect("ErrorPage.aspx");
}