My ASP.NET intranet web application uses Windows Authentication, and I would like to record the following details:

1) Windows ID
2) Session Start Time
3) Session Stop Time
4) URL being browsed to (optional)

I’ve got some basic code setup in “Session_Start” method of the Global.ASAX to log session start times (seen below), but that’s it so far. I have the feeling this is a primitive approach and there are “better” ways of doing this. So I really have two questions:

1) Is this the right way to go about doing this? If not what are some other options?

2) If this is the right way, do I just need to drop some code in the “Session_End” method to record the time they exit, and thats a complete solution? Does this method always get called when they close the browser tab they have the site open in, or do they have to close the entire browser (I don’t have logout functionality)? Any way users can skip over this session end method (or start for that case)?

    Dim connsql As New System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("MyConnectionstring").ConnectionString)
    Dim cmdsql As System.Data.SqlClient.SqlCommand = connsql.CreateCommand
    cmdsql.CommandText = "BeginUserSession"
    cmdsql.CommandType = Data.CommandType.StoredProcedure
    Try
        cmdsql.Parameters.Add("@windowsid", System.Data.SqlDbType.VarChar, 30, "windowsid")
        cmdsql.Parameters("@windowsid").Value = Session("UserInfo").identity.name
        If connsql.State <> System.Data.ConnectionState.Open Then connsql.Open()
        cmdsql.ExecuteNonQuery()
        connsql.Close()

    Catch ex As Exception

    Finally
        If connsql.State <> Data.ConnectionState.Closed Then connsql.Close()
    End Try
    'Stored Proc records start time