3

In ASP.NET MVC3, I can't seem to override a session timeout. I have set breakpoints at all the relevant server-side code points I can think of (controller actions and methods in globax.ax.cs) but nothing seems to get hit on session timeout.

I even applied an attribute as suggested here: (http://www.tyronedavisjr.com/2008/11/23/detecting-session-timeouts-using-a-aspnet-mvc-action-filter/) but even it was not hit when the session timed out. Surely the timeout must be session-side, but where?

Does anyone know what exactly happens when an ASP.NET MVC application has a session timeout?

Improve this question
5
  • Can you clarify what you mean when you say override? Are you trying to extend the timeout period or do something when a session times out? Commented Aug 1, 2012 at 15:22
  • Are you talking about forms authentication? If so there is a timeout attribute in the <forms> tag of your web.config. you can set it to whatever you want. Commented Aug 1, 2012 at 15:26
  • @StephenLloyd: I want to do something when a session times out. eg, call a method. Commented Aug 1, 2012 at 15:27
  • @Forty-Two: Yes, I'm using the forms authentication timeout value. I don't want to change the timeout value. Commented Aug 1, 2012 at 15:27
  • Are you actually using sessions or just forms authentication. FormsAuthentication != Session. Unless you are actually storing something in session, you will not get a session timeout (you don't have one) Commented Aug 1, 2012 at 20:56

2 Answers 2

Reset to default
3

What sessionState mode are you using? (<sessionState mode=" ... "> in web.config)

You should be able to add the following method to your Global.asax.cs to override the default Session_End behaviour:

protected void Session_OnEnd(object sender, EventArgs e)
{
    // insert code here
}

Things to bear in mind:

  • The Session_OnEnd / Session_End event will only be called if the HttpSessionState.Mode property value is InProc (this is the default, so if you've not changed it in the web.config this should be fine). If you've changed it to StateServer or SQLServer, then the Session_OnEnd event in the Global.asax file is ignored.

  • The Session_OnEnd / Session_End event is called by the application when it abandons the session - not when you close the browser. You can manually trigger it by calling Session.Abandon

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Hmm, I don't have the SessionState set in my web.config (perhaps I should), so can I find this out at runtime? It's not hitting either the Session_OnEnd / Session_End method I have created in my Global.asax.
Sorry, ignore above, I had to add the sessionstate to my web.config and now it's working. Thanks.
See msdn.microsoft.com/en-us/library/h6bb9cz9%28v=vs.100%29.aspx - it defaults to 20 minute timeout and inProc mode. Glad you got it working :)
3

Typically, session timeouts can be handled in the Session_End event in your Global.asax 

void Session_End(object sender, EventArgs e) {
    // perform last minute procedures before session ends
}

According to the MSDN, the HttpSessionState.Timeout property has a setter and can be changed from within your application's code as well as permanently in the web.config

Improve this answer

2 Comments

So if that method doesn't exist in my Global.asax, I assume I can safely create it and handle it there?
Yes, indeed. Please note that this event does not fire after closing the browser, only when the Session truly ends. You can force a session to end using HttpContext.Current.Session.Abandon();

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.