The project I am working on requires to show a nice custom error page to the user when the session is expired. I searched a bit on the internet and came up with a good solution in forums.asp.net which I worked it out as follows:
As mentioned in the forum you need to implement an IHttpModule and redirect the context’e AcquireRequestState event to your method which goes this:
void Application_AcquireRequestState(object sender, EventArgs e)
{
if (HttpContext.Current.Session != null && HttpContext.Current.Session.IsNewSession)
{
if (HttpContext.Current.Request.Cookies != null && HttpContext.Current.Request.Cookies["ASP.NET_SessionId"] != null)
{
HttpContext.Current.Session.Clear();
HttpContext.Current.Response.Redirect("/Errors/SessionTimeout.aspx", true);
}
}
}
}
As you can see I clear the session before redirecting to the SessionTimeout.aspx. The reason for that is that I want the user have a choice of going to login screen by providing a link in the SessionTimeout.aspx. And the login requires a session state unlike the SessionTimeout.aspx that has the attribute EnableSessionState="False"