Jan 11, 2007 - 07:04 AM
There's a couple ways you can handle this one.
.NET 2.0 makes it very easy if you have the person "log in" to the system. HttpContext.Current.User.IsAuthenticated with evaluate "true" if they have been authenticated and have not timed out. Once they timeout, they'll be taken to the login page before being able to proceed. Unfortunately, all info that may be associated with that session would probably be lost.
I've also done a cookie in the past where I set the SessionID (you can also put this in a session variable if you want) and then when they "come back" to the server, check to see if the Session.SessionID currently on the server matches what's stored in the Cookie/Session Variable. If it is, they're still "OK"...if not, I send them to a function that clears out what's been set and redirects them to the "start over" page.
I hope this helps get you on track.
Jan 27, 2007 - 04:23 AM
I have chosen the cookie way, but don't need to tell the user that the session is about to expire. So handling it on the server is fine.
And the points go to.... rcastagna.