I'm having a problem with the session after the browser is closed. When the browser is (completely) closed, I always need to login in again on my own website. I don't need to login if only one tab is closed.
So for example:
Situation 1:
- Open a browsers
- Open a second tab, open my site (and login).
- Close second tab and reopen my site (no login needed)
Situation 2:
- Open a browser.
- Open a second tab, open my site (and login).
- Close all tabs and browser completely. When I now open my site again, I have to login.
I'm use State Server to maintain the session state. I tested the same with 'In Process', but has the same result.
Any idea what is causing this and how to solve? When I google for this, I can only find people who are trying to expire the session on browser close. That's completely the other way around. Am I missing something?
The SessionID property is used to uniquely identify a browser with session data on the server. The SessionID value is randomly generated by ASP.NET and stored in a non-expiring session cookie in the browser
Non-expiring? It does expire right?!
When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used. As a result, a new session ID is generated for each page request until the session object is accessed.
I use the session object on every page request, and still I receive a new session id on each request.
Right and Wrong ... It does not expire for as long as the browser stays open, It the browser app stays open and runs for 10 years, the Session cookie would not have expired.
Originally Posted by dannystommen
I use the session object on every page request, and still I receive a new session id on each request.
Are you calling the original Session Object or creating a new one????
I didn't know that there's a difference between using the original Session object or creating a new one. That's why I said "don't know actually", so I have also no idea how to check this either.
As mentioned before, in the OnInit event of each page request I do the following
Code:
if (Session["user"] == null)
{
Response.Redirect("/login.aspx");
}
In the login page:
Code:
..
Session["user"] = loggedInUser;
I guess that I'm using the original Session object, right?
I didn't know that there's a difference between using the original Session object or creating a new one. That's why I said "don't know actually", so I have also no idea how to check this either.
As mentioned before, in the OnInit event of each page request I do the following
Code:
if (Session["user"] == null)
{
Response.Redirect("/login.aspx");
}
In the login page:
Code:
..
Session["user"] = loggedInUser;
I guess that I'm using the original Session object, right?
Quinn, I don't see want your article tries to explain.
I've created a workaround I found somewhere, and seems to work just fine
Code:
protected override void OnPreInit(EventArgs e) {
base.OnPreInit(e);
//make session cookie 'persistant', otherwise it will expire on browser close
if (Session != null) {
//create cookie with session id name
HttpCookie cookie = new HttpCookie("ASP.NET_SessionId");
//add the session id
cookie.Value = Session.SessionID;
//set expire to 12 hours
cookie.Expires = DateTime.Now.AddHours(12);
//add the cookie to the response
Response.Cookies.Add(cookie);
}
}
Reply With Quote
Originally Posted by dannystommen
Bookmarks