top of page

How to check session timeout in ASP.NET

Session timeout is an important aspect of web application development that determines the amount of time a user can spend on a website before their session is ended. Session timeout is often used for security purposes, to ensure that user data is protected and to prevent unauthorized access to sensitive information. In this article, we will discuss how to check session timeout in ASP.NET, step by step, with code.

In ASP.NET, the session timeout is the amount of time that a user's session can remain idle before it is automatically terminated. By default, the session timeout in ASP.NET is 20 minutes. However, this can be changed by modifying the web.config file.

When a user is active on a web application, the session timeout is reset. However, if a user remains idle for a certain amount of time, the session will expire and they will be logged out of the application. This helps to protect sensitive data and prevent unauthorized access.


Also Read:

Check Session Timeout in ASP.NET

To check the session timeout in ASP.NET, we need to write a few lines of code in the web.config file. The web.config file is an XML file that is used to configure settings for an ASP.NET application. To modify the session timeout, we need to add a sessionState element to the web.config file. The sessionState element contains attributes that determine the session timeout value.


Set Session Timeout in ASP.NET

Here is an example of how to set the session timeout value to 30 minutes in the web.config file:

Step 1: Set Session Timeout Value in web.config To set the session timeout value in ASP.NET, we first need to modify the web.config file. We can do this by adding the following sessionState element to the system.web section of the web.config file:

<configuration>
    <system.web>
        <sessionState timeout="30"></sessionState>
    </system.web>
</configuration>

In this example, we are setting the session timeout value to 30 minutes.

Step 2: Create ASP.NET Web Form Next, we need to create an ASP.NET web form. We can do this by adding a new item to our ASP.NET project and selecting "Web Form". We can name the web form "SessionTimeout.aspx".

Step 3: Add Code to Check Session Timeout In the code behind of the SessionTimeout.aspx page, we can add the following code to check the session timeout value and display it to the user:

protected void Page_Load(object sender, EventArgs e) 
{     
    // Get the session timeout value
    int sessionTimeout = Session.Timeout;      
    
    // Display the session timeout value to the user     
    SessionTimeoutLabel.Text = "Session timeout is " + sessionTimeout + " minutes."; 
} 

In this code, we are using the Page_Load event to get the session timeout value using the Session.Timeout property. We are then setting the Text property of a label control called "SessionTimeoutLabel" to a string that includes the session timeout value.

Step 4: Add Code to Handle Session Timeout To handle session timeout, we can add the following code to the Global.asax file:

void Session_End(object sender, EventArgs e)  
{     
    // Redirect the user to the login page     
    Response.Redirect("Login.aspx"); 
} 

In this code, we are using the Session_End event to redirect the user to the login page when their session expires.

Step 5: Test the Session Timeout To test the session timeout, we can run the ASP.NET application and navigate to the SessionTimeout.aspx page. The page should display the session timeout value, which in this example is 30 minutes. We can then wait for the session to expire by remaining inactive on the page for 30 minutes. Once the session expires, we should be redirected to the login page.

Output: Here's an example of what the SessionTimeout.aspx page might look like:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="SessionTimeout.aspx.cs" Inherits="WebApplication1.SessionTimeout" %>  

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Session Timeout Example</title>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            <asp:Label ID="SessionTimeoutLabel" runat="server" Text="">
            </asp:Label>
        </div>
    </form>
</body>
</html>

And here's an example of what the SessionTimeout.aspx.cs code behind might look like:

using System;  
namespace WebApplication1 
{     
    public partial class SessionTimeout : System.Web.UI.Page     
    {         
        protected void Page_Load(object sender, EventArgs e)         
        {             
            // Get the session timeout value
            int sessionTimeout = Session.Timeout;              
            
            // Display the session timeout value to the user             
            SessionTimeoutLabel.Text = "Session timeout is " + sessionTimeout + " minutes.";         
        }     
    } 
} 

When we run the ASP.NET application and navigate to the SessionTimeout.aspx page, we should see the session timeout value displayed to the user as shown in the label control, like this: Session timeout is 30 minutes.

If we remain inactive on the page for 30 minutes, we should be redirected to the login page, as specified in the Session_End event in the Global.asax file.


Also Read:

Overall, implementing session timeout in ASP.NET is an important security measure that can help protect sensitive data and prevent unauthorized access. By following the steps outlined in this example, we can set the session timeout value, check the session timeout value, handle session timeout, and display the session timeout value to users.

Conclusion:

In this article, we have discussed how to check session timeout in ASP.NET, step by step, with code. We have learned how to set the session timeout value in the web.config file, how to check the session timeout value in the code behind, how to handle session timeout in the Global.asax file, and how to display the session timeout value to users using an ASP.NET label control. By understanding and implementing session timeout in our ASP.NET applications, we can help to protect sensitive data and prevent unauthorized access.

0 comments

Comments


bottom of page