How to redirect to logon page when session State time out is completed in asp.net mvc

Question

I have an ASP.NET MVC4 application where I am implementing sessionTimeout like:

Answer 1

I discover very simple way to redirect Login Page When session end in MVC. I have already tested it and this works without problems.

In short, I catch session end in _Layout 1 minute before and make redirection.

I try to explain everything step by step.

If we want to session end 30 minute after and redirect to loginPage see this steps:

1. Change the web config like this (set 31 minute):

    <system.web>
       <sessionState timeout="31"></sessionState>
    </system.web>
   

2. Add this JavaScript in _Layout (when session end 1 minute before this code makes redirect, it makes count time after user last action, not first visit on site)

   <script>
       //session end 
       var sessionTimeoutWarning = @Session.Timeout- 1;
   
       var sTimeout = parseInt(sessionTimeoutWarning) * 60 * 1000;
       setTimeout('SessionEnd()', sTimeout);
   
       function SessionEnd() {
           window.location = "/Account/LogOff";
       }
   </script>
   

3. Here is my LogOff Action, which makes only LogOff and redirect LoginIn Page

   public ActionResult LogOff()
   {
       Session["User"] = null; //it's my session variable
       Session.Clear();
       Session.Abandon();
       FormsAuthentication.SignOut(); //you write this when you use FormsAuthentication
       return RedirectToAction("Login", "Account");
   } 
   

I hope this is a very useful code for you.

Answer 2

There is a generic solution:

Lets say you have a controller named Admin where you put content for authorized users.

Then, you can override the Initialize or OnAuthorization methods of Admin controller and write redirect to login page logic on session timeout in these methods as described:

protected override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
    {
        //lets say you set session value to a positive integer
        AdminLoginType = Convert.ToInt32(filterContext.HttpContext.Session["AdminLoginType"]);
        if (AdminLoginType == 0)
        {
            filterContext.HttpContext.Response.Redirect("~/login");
        }

        base.OnAuthorization(filterContext);
    }

Answer 3

One way is that In case of Session Expire, in every action you have to check its session and if it is null then redirect to Login page.

But this is very hectic method To over come this you need to create your own ActionFilterAttribute which will do this, you just need to add this attribute in every action method.

Here is the Class which overrides ActionFilterAttribute.

public class SessionExpireFilterAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            HttpContext ctx = HttpContext.Current;

            // check if session is supported
            CurrentCustomer objCurrentCustomer = new CurrentCustomer();
            objCurrentCustomer = ((CurrentCustomer)SessionStore.GetSessionValue(SessionStore.Customer));
            if (objCurrentCustomer == null)
            {
                // check if a new session id was generated
                filterContext.Result = new RedirectResult("~/Users/Login");
                return;
            }

            base.OnActionExecuting(filterContext);
        }
    }

Then in action just add this attribute like so:

[SessionExpire]
public ActionResult Index()
{
     return Index();
}

This will do you work.