Storing Session State in SQL Server..Session doesnt Time out,

[jakk]

Iam storing the session state in SQL Server. The Session gets stored in
the SQL Server temp tables ( I can see some values in the two tables),
but the session doesnt seem to timeout.

We have a situation where we have to differentiate between logout and
session expiration and since the Session_End event doesnt get fired for
out-of-proc sessions, I added tthe two functions

public void Application_PreRequestHandlerExecute(Object sender,
EventArgs e)
{
HttpCookie cookie = HttpContext.Current.Request.Cookies["SID"];

if(cookie != null && cookie.Value !=
HttpContext.Current.User.Identity.Name && Request.IsAuthenticated ==
false)
{
HttpContext.Current.Items.Add("SessionExpired",true);
}
}


public void Application_PostRequestHandlerExecute(Object sender,
EventArgs e)
{
HttpCookie cookie = new
HttpCookie("SID",HttpContext.Current.User.Identity.Name);
HttpContext.Current.Response.Cookies.Add(cookie);
}

The code above basically sets the a cookie and checks the cookie value
for the each request. If the cookie is stale and the
Request.IsAuthenticated is false then the session is expired.

But the value of Request.IsAuthenticated is never becoming false. and
HttpContext.Current.User.Identity.Name always has the logged in
username value The Session never seems to expire. I have the serivices
ASP.NET state service running om web-server and SQL Server Agent
running on the SQL Server.

 

[Alvin Bruney [ASP.NET MVP]]

that behavior is by design

--
Regards,
Alvin Bruney

[Shameless Author Plug]
The Microsoft Office Web Components Black Book with .NET
available at www.lulu.com/owc

 

[jakk]

Thanks for responding...but how can I make sure that sessions ends
after a specified time and Request.IsAuthenticated becomes false and
HttpContext.Current.User.Identity.Name becomes empty.