Reference from here.
1 override protected void OnInit(EventArgs e)
2 {
3 base.OnInit(e);
4
5
6 //It appears from testing that the Request and Response both share the
7 // same cookie collection. If I set a cookie myself in the Reponse, it is
8 // also immediately visible to the Request collection. This just means that
9 // since the ASP.Net_SessionID is set in the Session HTTPModule (which
10 // has already run), thatwe can't use our own code to see if the cookie was
11 // actually sent by the agent with the request using the collection. Check if
12 // the given page supports session or not (this tested as reliable indicator
13 // if EnableSessionState is true), should not care about a page that does
14 // not need session
15 if (Context.Session != null)
16 {
17 //Tested and the IsNewSession is more advanced then simply checking if
18 // a cookie is present, it does take into account a session timeout, because
19 // I tested a timeout and it did show as a new session
20 if (Session.IsNewSession)
21 {
22 // If it says it is a new session, but an existing cookie exists, then it must
23 // have timed out (can't use the cookie collection because even on first
24 // request it already contains the cookie (request and response
25 // seem to share the collection)
26 string szCookieHeader = Request.Headers["Cookie"];
27 if ((null != szCookieHeader) && (szCookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
28 {
29 Response.Redirect("sessionTimeout.htm");
30 }
31 }
32 }
33
2 {
3 base.OnInit(e);
4
5
6 //It appears from testing that the Request and Response both share the
7 // same cookie collection. If I set a cookie myself in the Reponse, it is
8 // also immediately visible to the Request collection. This just means that
9 // since the ASP.Net_SessionID is set in the Session HTTPModule (which
10 // has already run), thatwe can't use our own code to see if the cookie was
11 // actually sent by the agent with the request using the collection. Check if
12 // the given page supports session or not (this tested as reliable indicator
13 // if EnableSessionState is true), should not care about a page that does
14 // not need session
15 if (Context.Session != null)
16 {
17 //Tested and the IsNewSession is more advanced then simply checking if
18 // a cookie is present, it does take into account a session timeout, because
19 // I tested a timeout and it did show as a new session
20 if (Session.IsNewSession)
21 {
22 // If it says it is a new session, but an existing cookie exists, then it must
23 // have timed out (can't use the cookie collection because even on first
24 // request it already contains the cookie (request and response
25 // seem to share the collection)
26 string szCookieHeader = Request.Headers["Cookie"];
27 if ((null != szCookieHeader) && (szCookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
28 {
29 Response.Redirect("sessionTimeout.htm");
30 }
31 }
32 }
33
浙公网安备 33010602011771号