You created an ASP.NET site with Windows Authentication. Your users like to bookmark various pages, but you do not want them to bookmark a data entry page.
This madness can be stopped by checking if the session is new, and if so redirect the user to the default page.
First create a Master Page base class and make your master pages inherit this class. The response.buffer code is stop caching the page, but that is not related to this example of stopping users from book marking pages. Take a look a the PageSetup() method.
The PageSetup() method will redirect the user to Default.aspx on a new session. Also, if you do not want this to be the case during development there is a config setting that can be set to bypass this feature.
protected override void OnLoad(EventArgs e)
{
//Expire the page to stop the back and forward button usage.
Response.Buffer = true;
Response.ExpiresAbsolute = DateTime.Now.AddHours(-1);
Response.Expires = 0;
Response.CacheControl = "no-cache";
//CheckSessionTimeout();
if (!Page.IsPostBack) PageSetup();
base.OnLoad(e);
}
///
/// Redirects user to default on new sessions. This only applies to users testing with the URL.
/// There is now security check here since it is handled outside of this site.
///
private void PageSetup()
{
string URL = Context.Request.Url.ToString().ToLower();
if (URL.Contains("anonymous/")) return;
if (Context.Session != null)
{
if (Session.IsNewSession)
{
if (!URL.ToLower().Contains("default.aspx")) Response.Redirect("default.aspx");
}
}
}
You want to expire the pages of your site anytime the users presses the back-button but for some reason the pages are always still there.
I found this works best if you place the expiration logic in the onload method. I have tried onIint but it seems on_load works close to all the time. In the example below a MasterPageBase class has the expiration logic. All master pages then inherit this page.
namespace MySite
{
public class MasterPageBase : System.Web.UI.MasterPage
{
protected override void OnLoad(EventArgs e)
{
//Expire the page to stop the back and forward button usage.
Response.Buffer = true;
Response.ExpiresAbsolute = DateTime.Now.AddHours(-1);
Response.Expires = 0;
Response.CacheControl = "no-cache";
if (!Page.IsPostBack) PageSetup();
//Load derived
base.OnLoad(e);
}
private void PageSetup()
{
if (Context.Session != null)
{
if (Session.IsNewSession) if (!URL.ToLower().Contains("default.aspx")) Response.Redirect("default.aspx");
}
}
}
}
Yes you can stop session timeouts. There is a easy way that does not require AJAX calls or other such methods. I have tested this method on an ASP.NET Data Entry page and left it up for 4 hours, clicked save, and all was well.
Dealing with Session Timeouts in ASP.NET was always a pain. I came across a method by Primary Objects that is simple to implement and will not only keep the session alive but will keep the worker process alive on the server as well.
Summary: Use a page such as KeepAlive.aspx and place it in a hidden iFrame on a master page. Use the Meta Refresh on this page to post back to the server every 19 minutes to keep the user session alive and the work process up and running.
There are three parts to this method.
1. Create a SessionAlive.aspx page and include this in an IFrame of your master page.
2. An optional part of this process is to display the last status refresh time on the status bar in the browser. This is good for testing purposes.
3. In the code behind of the KeepAlive.aspx page update the meta refresh tag after page loads for under 20 minutes. The typical session timeout.
The orignal posting of the solution can be found at Primary Objects.
Attached is the code for this solution.
SessionAliveCode.zip (1.75 kb)