«

In Dino Esposito's book, "Programming Microsoft ASP.NET", there is a chapter
titled, "ASP.NET State Management". There is a section in there discussing
session state sometimes going away. He mentions that in version 1.1 of
ASP.NET, that it isn't possible for the application to know about the
session expiring. He gives a work around which you can try using that is
put into the Session_Start event, which would first determine if there
exists a cookie called "started_at". If there isn't, then the session was
never started, you create the cookie and then put DateTime.Now into it.



However, if the cookie has been created and you're still executing the
Session_Start event, then the session has expired. His code then does the
following:



Context.Response.Redirect("session_expired.aspx");



Now, I know that the name of the target page isn't important, but what I don
't understand is why he would recommend going to an ASPX page? I would have
thought that you would rather send the user to some HTML page instead. I am
sure I am missing something here, so please enlighten me.



Rod

Rod wrote:
> In Dino Esposito's book, "Programming Microsoft ASP.NET", there is a
> chapter titled, "ASP.NET State Management". There is a section in
> there discussing session state sometimes going away. He mentions
> that in version 1.1 of ASP.NET, that it isn't possible for the
> application to know about the session expiring. He gives a work
> around which you can try using that is put into the Session_Start
> event, which would first determine if there exists a cookie called
> "started_at". If there isn't, then the session was never started,
> you create the cookie and then put DateTime.Now into it.
>
>
>
> However, if the cookie has been created and you're still executing the
> Session_Start event, then the session has expired. His code then
> does the following:
>
>
>
> Context.Response.Redirect("session_expired.aspx");
>
>
>
> Now, I know that the name of the target page isn't important, but
> what I don 't understand is why he would recommend going to an ASPX
> page? I would have thought that you would rather send the user to
> some HTML page instead. I am sure I am missing something here, so
> please enlighten me.

Why would you expect to redirect only to a static page? Both solutions are
possible.

Cheers,

--
Joerg Jooss

Mainly because I thought, once the session has expired going to a .ASPX page
with a session ID which is still around, might cause problems.

Or at least, that is what I thought.

Am I wrong about that?

Rod

"Joerg Jooss" <> wrote in message
news:...
> Rod wrote:
>> In Dino Esposito's book, "Programming Microsoft ASP.NET", there is a
>> chapter titled, "ASP.NET State Management". There is a section in
>> there discussing session state sometimes going away. He mentions
>> that in version 1.1 of ASP.NET, that it isn't possible for the
>> application to know about the session expiring. He gives a work
>> around which you can try using that is put into the Session_Start
>> event, which would first determine if there exists a cookie called
>> "started_at". If there isn't, then the session was never started,
>> you create the cookie and then put DateTime.Now into it.
>>
>>
>>
>> However, if the cookie has been created and you're still executing the
>> Session_Start event, then the session has expired. His code then
>> does the following:
>>
>>
>>
>> Context.Response.Redirect("session_expired.aspx");
>>
>>
>>
>> Now, I know that the name of the target page isn't important, but
>> what I don 't understand is why he would recommend going to an ASPX
>> page? I would have thought that you would rather send the user to
>> some HTML page instead. I am sure I am missing something here, so
>> please enlighten me.
>
> Why would you expect to redirect only to a static page? Both solutions are
> possible.
>
> Cheers,
>
> --
> Joerg Jooss
>
>

Hi Rod,

I think Both aspx page and static html page are OK. And when Session
Expired, a new one will automatically started. Since we manually check the
expiring in our serverside code, so when we detect the oringal session
state is expired, in fact a new one is already started. There won't be any
problem as long as we don't try to access the old datas wo originally
stored in the SessionState after it expired.
The reason we redirect the user to an aspx page is ASPX page is served by
asp.net runtime and we can do some further serverside tasks there. Also, if
we just want to display some static infos (messages) to the end user, a
static html page is enough. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)