Home/ Questions/Q 8211533
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T10:27:28+00:00

I’m having an issue where my session is expiring, Session[UserId] = userId; but the

  • 0

I’m having an issue where my session is expiring, 

Session["UserId"] = userId;

but the authentication cookie is still there so the [authorize] attribute is still allowing the user to navigate the system until the system tries to read the session variables and errors out. Null exception

Are there any thoughts on how to make the auth cookie go away when the session expires? I would certainly appreciate any insight as I am new to ASP.NET MVC 3.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There are many ways you can do this. Here is just one idea. 

    public class ControllerBase : Controller
{
    public ControllerBase()
        : base()
    {
        this.VerifySession();  
    }

    /// <summary>
    /// Indicates whether the session must be active and contain a valid customer.
    /// </summary>
    protected virtual bool RequiresActiveSession
    {
        get { return true; }
    }

    public void VerifySession()
    {
        if (this.RequiresActiveSession && Session["UserId"] == null)
        {
            Response.Redirect(Url.Action("LoginPage"));
        }
    }

}

public class HomeController : ControllerBase
{
    protected override bool RequiresActiveSession
    {
        get
        {
            return true;
        }
    }

    public ActionResult Index()
    {
        return View();
    }
}

    Basically you have a controller base which will handle validating the session. And any controller that inherits from it can specify if it wants to validate the session or not.

    OR

    you could create a custom Action Filter which allows you to attribute your controller or actions and hook your code into the processing pipeline of before executing your controllers actions.

    • 0