I am doing a website with asp.net. i have used session variable in my GLOBAL.ASAX file. the code is given below:
Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
Session.Timeout = 100
Session("Loggedin") = "No"
End Sub
Sub Session_End(Sender As Object, E As EventArgs)
' Code that runs when a session ends
Session.Abandon()
Response.Redirect("index.aspx")
End Sub
----------------------------------------------------------
And in WEB.CONFIG i have used the following information inside <system.web> tag :
<sessionState mode="InProc"
cookieless="false"
timeout="100"/>
<pages buffer="false"
enableSessionState="true"
smartNavigation="false"
autoEventWireup="true"
validateRequest="false"
enableViewStateMac = "false"
enableViewState="true"/>
----------------------------------
I am storing the user details in sql database.
In the login page when theuser enter the usernam and pwd i check with the backend for valid username and pwd. Then i assign
session variable values if valid else i dont let it.
And then in every page i check if session variable is valid if not i do a server.transfer("index.aspx") to the login page.
Here, index.aspx is my login page.
This below code is included in every page after a succesful login to check for valid user. other than that 8i have not put
anyother check to find out valid user.
----------
Sub Page_Load(Sender As Object, E As EventArgs)
if Session("Loggedin") = "No" then
server.transfer("index.aspx")
end if
end sub
----------
Even after using these things when i login suddenly after a minute i am logged out though i am adding/deleting/viewing
records at the moment.
Please please tell me where i am going wrong. I have to give this project to my boss soon and i am stuck here since i am not
able find out the problem why the session expires and i am logged out and send back to the login page.
Seema
(Mail ID: gaur.seema at rediffmail.com)