Thursday, March 29, 2012

Session value gone

I have an app. where a user logs in and it fills two main session var. to be used the whole time they are logged in. How can I check if they are empty or not while my app is running w/out having to do a check on each page ?Because then I want to redirect them to my login page.I assume your having them login, when they login correctly, your setting a session variable with a username or something simliar. I believe you have to do a check on each page if that page is to be secured for "loged in users" only.
http://www.dnzone.com/ShowDetail.asp?NewsId=565
This article may be of interest to you.

The easiest way is just to check on every page. If you want to get fancy, create a class implementing the IHttpModule interface and do it there.
NC...

Thanks you both, just copied same code to each page load event. Thanks.

What am I doing wrong? I put the following code and it doesn't show the alert screen.
If Session("companyID")="" Or Session("facilityID") = ""Then
'Generates the message:
Dim strMessageAsString
strMessage = "You have been inactive for more than 30 minutes. You must Login to Continue."
'finishes server processing, returns to client.
Dim strScriptAsString = "<script language=JavaScript>"
strScript += "alert(""" & strMessage & """);"
strScript += "</script>"
If (Not Page.IsStartupScriptRegistered("clientScript"))Then
Page.RegisterStartupScript("clientScript", strScript)
Response.Redirect("LogIn.aspx")
EndIf
EndIf
FOR ANSWER GO HEREhttp://forums.asp.net/1100617/ShowPost.aspx


Try this in your global.asax code behind:
Sub Application_PreRequestHandlerExecute(ByVal sender As Object, ByVal e As EventArgs)
Dim url As Array
url = HttpContext.Current.Request.Url.Segments
If IsNothing(Session("UserID")) Then
If url.IndexOf(url, "Login.aspx") = -1 Then
Response.Redirect("Login.aspx")
End If
End If
End Sub
This redirects anyone who does not have a Session("UserID"). If the request was to the login.aspx page, then we do nothing in order to avoid an infinate loop.
If you want to send them to an "Expired.htm" page, just add the following in the place of Response.Redirect("Login.aspx"):
If Session.IsNewSession Then
Response.Redirect("Login.aspx")
Else
Response.Redirect("Expired.htm")
End If
Hope this helps!
Paul


Ecc solution is the best but if you don't want to mess with the global.asax file then just create a secure base page that all your secured pages can inheirit from and then put the check in there or else you are going to have to modify all your pages if you ever need to make a change. Better to keep the code in one spot for maintenance purposes.
Posted by particularlyrtyf at 12:56 AM
Labels: , , , , , , , , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)