I am new to ASP.NET forms authentication and sessions.
I would like to know how to save the session in the master page or in Global.asax,
how to clear the session,
and how to better handle session timeout by redirecting to a page.
These are my web.config session settings:
<sessionState mode="InProc" cookieless="false" timeout="1"></sessionState>
Code in my master page:
    if (Request.Url.AbsolutePath.EndsWith("SessionExpired.aspx", StringComparison.InvariantCultureIgnoreCase))
    {
        HtmlMeta meta = new HtmlMeta();
        meta.HttpEquiv = "Refresh";
        meta.Content = "7; URL=./Login.aspx";
        Page.Header.Controls.Add(meta);
    }
    else
        HttpContext.Current.Response.AppendHeader("Refresh", Convert.ToString((Session.Timeout * 60)) + "; Url=./Public/SessionExpired.aspx");
As such, your strategy looks OK to me but I would have preferred a different implementation:
IsRefreshHeaderNeeded – the default implementation will return true. The method will be invoked in the PreRender stage of BasePage to add the actual refresh header to the response.
IsRefreshHeaderNeeded will be overridden to return false. (Something similar may be needed in pages such as login, or pages that don't need session support.)
The master page is a content template, and I prefer to have only logic related to that content within the master page.
Yet another strategy is not to use a client-side refresh for session expiry, but rather to do it from the server side, when you dictate that the current session has expired as the user comes back to the site. Extending further, you may even have an implementation that saves critical session data into a database so that you can reconstruct the session, and from a user-experience perspective there will be no session expiry.
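One way to implement the base-page approach and the server-side expiry check described in the answer above, as an added example that is not the answerer's code. `BasePage` and `IsRefreshHeaderNeeded` are the names used in the answer; the `~/Public/SessionExpired.aspx` path form, the use of `Session.IsNewSession` with the default `ASP.NET_SessionId` cookie, and the assumption that login stores a value in `Session` (so the new session persists) are assumptions.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical base class: content pages inherit from it instead of Page.
public class BasePage : Page
{
    // Method name from the answer; pages without session support override it.
    protected virtual bool IsRefreshHeaderNeeded() { return true; }

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        // Server-side check: a brand-new session while the browser still sends
        // a session cookie means the previous session timed out on the server.
        HttpCookie cookie = Request.Cookies["ASP.NET_SessionId"]; // default name
        if (IsRefreshHeaderNeeded() && Session.IsNewSession
            && cookie != null && !string.IsNullOrEmpty(cookie.Value))
        {
            // This overload ends the response, so PreRender does not run.
            Response.Redirect(ResolveUrl("~/Public/SessionExpired.aspx"));
        }
    }

    protected override void OnPreRender(EventArgs e)
    {
        base.OnPreRender(e);
        if (IsRefreshHeaderNeeded())
        {
            // Client-side convenience only; the OnInit check does not rely on it.
            int seconds = Session.Timeout * 60; // Session.Timeout is in minutes
            Response.AppendHeader("Refresh",
                seconds + "; URL=" + ResolveUrl("~/Public/SessionExpired.aspx"));
        }
    }
}

// Code-behind of SessionExpired.aspx; Login.aspx would override the same way.
public partial class SessionExpired : BasePage
{
    protected override bool IsRefreshHeaderNeeded() { return false; }
}
```

The Refresh header only moves an idle browser to the expiry page; access to protected pages is still decided on the server by the session and forms-authentication state on each request.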