Redirect to login page if session get expired in ASP.Net

Last Reply on Jan 16, 2017 03:06 AM By Indresh

Posted on Jan 16, 2017 01:53 AM

please i got these example on your site but the solution is using session which throws errors if session expies. i want to remove section from login, i dont want to fetch username with session

 

string userName;
    protected void ValidateUser(object sender, EventArgs e)
    {
        string constr = ConfigurationManager.ConnectionStrings["conn"].ConnectionString;
        using (SqlConnection con = new SqlConnection(constr))
        {
            using (SqlCommand cmd = new SqlCommand("Validate_User"))
            {
                using (SqlDataAdapter sda = new SqlDataAdapter())
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("@Email", LoginINNOVATION.UserName);
                    cmd.Parameters.AddWithValue("@Password", (LoginINNOVATION.Password));
                    cmd.Connection = con;
                    con.Open();
                    userName = Convert.ToString(cmd.ExecuteScalar());
                    con.Close();
                }

                if (!string.IsNullOrEmpty(userName) && userName != "-1" && userName != "-2")
                {
                    FormsAuthentication.RedirectFromLoginPage(LoginINNOVATION.UserName, LoginINNOVATION.RememberMeSet);
                     Session["userName"] = userName;
                }
                else
                {
                    switch (Convert.ToInt32(userName))
                    {
                        case -1:
                            LoginINNOVATION.FailureText = "Username or password not correct.";
                            break;
                        case -2:
                            LoginINNOVATION.FailureText = "Account has not been activated.";
                            break;
                    }
                }
            }
        }
    }

landing page

 

protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            

            if (this.Page.User.Identity.IsAuthenticated)
            {
                this.GetUserDetail();
            }
        }
    }
private void GetUserDetail()
    {
        string str = ConfigurationManager.ConnectionStrings["conn"].ConnectionString;
        string getADPOST = "GetUSERPRO";
        using (SqlConnection con = new SqlConnection(str))
        {
            con.Open();
            using (SqlCommand cmd = new SqlCommand(getADPOST, con))
            {
                cmd.CommandType = CommandType.StoredProcedure;
             // cmd.Parameters.AddWithValue("@Id", this.Page.User.Identity.IsAuthenticated);
                cmd.Parameters.AddWithValue("@UserName", Session["userName"]);
               // cmd.Parameters.AddWithValue("@UserName", username);
                cmd.Parameters.AddWithValue("@FriendUserName", Session["userName"]);
           cmd.Parameters.AddWithValue("@Name", Session["userName"]);
                SqlDataAdapter da = new SqlDataAdapter(cmd);
                DataTable ds = new DataTable();
               
                da.Fill(ds);

              //  System.Web.HttpContext.Current.Session["UserName"] = dt.Rows[0]["ImageName"];
               // System.Web.HttpContext.Current.Session["UserName"] = dt.Rows[0]["Name"];



                userprofile.DataSource = ds;
                userprofile.DataBind();
                {


                    {

                    }
                }
            }
        }
    }

 

Posted on Jan 16, 2017 03:06 AM Modified on on Jan 16, 2017 04:12 AM

Hi micah,

1) It seems your session Get expires. You can set Session timeout by setting in webconfig refer the below link.

What is the Default Session TimeOut in ASP.Net and from where I can change it

2) If you don’t want to use session to maintain user name then you can use cookies or other option if you can implement.

ASP.Net Cookies: Read, Write (Save) and Remove (Delete) Cookies in ASP.Net using C# and VB.Net

3) But if you are using Session ["userName"] on other page and if it expire then you can check if session is null or not.

So you can check on landing page for Session["userName"] null condition if it null redirect to login page so user can relogin if its sesson get expire.

4) If you are using other option then also you need to maintain the value for user name like you are doing with session now for Landing Page.

If it also expires same error will occur again and again.