Session problem with ASPX

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi,

I am a programmer and I have a question about a ASP.NET peace of code.

I have a program that has a session timeout of 2 minutes configured in
Web.config file:

<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="2"
/>

In the code behind of my Main.aspx I have this C# peace of code:

private void Page_Load(object sender, System.EventArgs e)
{
Response.Write("<META HTTP-EQUIV=\"PRAGMA\" CONTENT=\"NO-CACHE\">");
// Retreaves the current user
// the user has been created in the Session_Start() of Global.asax
with the SQLServer connection
user = (Usager)Session[ "User" ];
if (IsPostBack)
{
// Retreives the department list from the session instead of the SQL
connection
arrayDept = (ArrayList)Session[ "ArrayDept" ];
}
else // Initial Load
{
arrayDept = new ArrayList();
DisplayDepartments();
LoadCustomers();
}
// Validate if the session has expired
if (arrayDept == null)
{
Response.Write( "Your Session as expired. Please close your browser
and relog to the site."
Response.Write("<SCRIPT
language=javascript>window.close();</SCRIPT>");
Response.End();
}
else
{
// Create an adapter and populate the dataset
CreateAdapter();
LoadDataSet();
ManageAccessRights();
}
}

Now if I load this site, wait 2 minutes and click somewhere on the page, the
“Your session as expired…” message appears. Since in trying to force the IE
window to close I get the standard “the Web page you are viewing is trying to
close the window. Do you want to close the window?” message. Is chose NO.
Then I click the IE BACK button, do a REFRESH, click yes to the standard
“...you must resend the information…” message and I get back to the exact
page where I was with my session reactivated.

I’m an old fashion ASP expert but I’m kind of new with this ASP.NET thing.
I’ve been struggling with this problem for a couple of days now.

Do you have any idea what may be the cause of this problem?

Thanks.


--
Steph
.

Relevant Pages

  • Re: whats the advantages and disadvantages
    ... register_globals isn't a security risk by itself. ... does, however, make it easy for the programmer to do stupid things. ... session variable called "loggedIn." ... there will be a variable called $loggedIn that is automatically ...
    (comp.lang.php)
  • Re: Unbound names in __del__
    ... >>> to hide the whole session thing from the programmer. ... the last reference makes the object eligible to be deleted 'sometime' (if ... dependable cross-implementation method that I know of. ...
    (comp.lang.python)
  • Re: [Full-Disclosure] defense against session hijacking
    ... > security lists about session hijacking in Web applications. ... > good defense for a programmer to store the IP address of the client ... > the client for each subsequent request, ... > method to protect against such an attack? ...
    (Full-Disclosure)
  • Re: ensure a parameter gets passed between pages
    ... programmer had to move between pages. ... If its not transparent or minimal in impact it probably ... windows of the same site they wont corrupt each other's session data. ... what id like is this functionality for my one single HiddenField. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Where is the documentation for /etc/environment?
    ... # Standard Un*x authentication. ... # Standard Un*x session setup and teardown. ... # Print the status of the user's mailbox upon successful login. ... /etc/X11/xdm/scripts ...
    (Debian-User)