Redirect Page After Session Time Out in ASP.Net

Background

I have read many forum posts regarding how to redirect a page to a Login Page after the session has expired. One post provided the proper solutions so I decided to write an article on this topic.
There are many responses for my previous article Login Page in ASP.Net C# Using Stored Procedure having 76 K + views, so if you want the details of how to create a Login form in-depth then please refer to that article because in this article I am not going to discus it in detail.
So let us start  creating web application as:
  1. "Start" - "All Programs" - "Microsoft Visual Studio 2010".
  2. "File" - "New Project" - "C#" - "Empty Project" (to avoid adding a master page).
  3. Provide the web site a name such as "SessionTimeOut"or another as you wish and specify the location.
  4. Then right-click on Solution Explorer - "Add New Item" -Add three Web Forms 
  5. Add Global.asax file if not added
  6. Drag and drop one button and two textBoxes on the <form> section of the Login.aspx page.

Now the Solution Explorer will look as follows:

 
 
Now open the Web.config file and set the Session Timeout to 1 minute as in:
  1. <system.web>  
  2.   <sessionState mode="InProc" timeout="1"/>  
  3. </system.web> 
 Now open the Global.asax file and write the following code for the Session_Start Event:
  1. void Session_Start(object sender, EventArgs e)   
  2.    {  
  3.        // Code that runs when a new session is started  
  4.        if (Session["LoginUserName"] != null)  
  5.        {  
  6.        //Redirect to Welcome Page if Session is not null  
  7.            Response.Redirect("Welcome.aspx");  
  8.   
  9.        }  
  10.        else  
  11.        {  
  12.        //Redirect to Login Page if Session is null & Expires   
  13.            Response.Redirect("Login.aspx");  
  14.          
  15.        } 
In the code above of the Global.asax file if the session is null then the page is redirected to Login.aspx. If not then it redirects to Welcome.aspx. I did this logic in the Global.asax file because the Global.asax file events are fired globally.
Now the entire Global.asax file will be as follows: 
  1. <%@ Application Language="C#" %>  
  2. <script RunAt="server">  
  3.   
  4.     void Application_Start(object sender, EventArgs e)  
  5.     {  
  6.         // Code that runs on application startup  
  7.   
  8.     }  
  9.   
  10.     void Application_End(object sender, EventArgs e)  
  11.     {  
  12.         //  Code that runs on application shutdown  
  13.   
  14.     }  
  15.   
  16.     void Application_Error(object sender, EventArgs e)  
  17.     {  
  18.         // Code that runs when an unhandled error occurs  
  19.   
  20.     }  
  21.   
  22.     void Session_Start(object sender, EventArgs e)  
  23.     {  
  24.         // Code that runs when a new session is started  
  25.         if (Session["LoginUserName"] != null)  
  26.         {  
  27.             //Redirect to Welcome Page if Session is not null  
  28.             Response.Redirect("Welcome.aspx");  
  29.   
  30.         }  
  31.         else  
  32.         {  
  33.             //Redirect to Login Page if Session is null & Expires   
  34.             Response.Redirect("Login.aspx");  
  35.   
  36.         }  
  37.   
  38.   
  39.     }  
  40.   
  41.     void Session_End(object sender, EventArgs e)  
  42.     {  
  43.         // Code that runs when a session ends.   
  44.         // Note: The Session_End event is raised only when the sessionstate mode  
  45.         // is set to InProc in the Web.config file. If session mode is set to StateServer   
  46.         // or SQLServer, the event is not raised.  
  47.   
  48.     }  
  49.          
  50. </script> 
Now open the Login.aspx.cs page and write the following code in the Login Button click:
  1. protected void Button1_Click(object sender, EventArgs e)  
  2.   {  
  3.           
  4.       Session["LoginUserName"] = Convert.ToString(TextBox1.Text);  
  5.       Response.Redirect("Welcome.aspx");  
  6.   } 
In the code above, first we are storing Login User Name in the Session so we can get Login User Name at the Next Page and then we redirect the page to the Welcome.aspx Page.
Now write the following code in the Welcome.aspx.cs page as:
  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Web;  
  5. using System.Web.UI;  
  6. using System.Web.UI.WebControls;  
  7.   
  8. public partial class Default2 : System.Web.UI.Page  
  9. {  
  10.     protected void Page_Load(object sender, EventArgs e)  
  11.     {  
  12.      Label1.Text="WelCome    " +Convert.ToString(Session["LoginUserName"]);  
  13.       
  14.     }  
  15.     protected void Button1_Click(object sender, EventArgs e)  
  16.     {  
  17.         Response.Redirect("AddUserDetails.aspx");  
  18.     }  

In the code above, after the user logs into the application it is redirected to the Welcome.aspx page so we are taking the current user login name on page load from Session and assigned to the label.
I have added another page that is AddUserDetails.aspx and called it from the code above that determines if the session has expired. If it is expired then it will redirect to the AddUserDetails.aspx page otherwise it goes to the Login.aspx page.
Now our application is ready for testing, so let us run the application. The following Login Page will be shown.
 
 
 
Enter credentials and click on the Login Page. It will redirect to the Welcome.aspx as in the following:
 
 
 
Now click on the Goto Add UserPage button. It will redirect to the AddUser.aspx page as in the following:
 
 
 
Now keep ideal for 1 minute without clicking anywhere and after 1 minute click on the Back To Welcome Page button, it will be redirect you to the login page as in the following:
 
 
 
Now from all the above examples, we have learned how to redirect the user to a login page after the session has expired.
Note:
  • For detailed code please download the sample Zip file.
  • This is not a complete login page Implementation technique, this is only to provide an idea of how to redirect a page to a Login page after the session expires.
  • For details of a login page please refer to my previous article Login Page in ASP.Net C# Using Stored Procedure that has 76k views.
Summary
 
From all the examples above, we have learned how to redirect the user to a Login page after the session has expired. I hope this article is useful for all readers, if you have a suggestion then please contact me.
 

Up Next
    Ebook Download
    View all
    Learn
    View all