Click here to Skip to main content
Click here to Skip to main content

ASP.NET HttpModule for handling session end with StateServer

, 2 Nov 2007
Rate this:
Please Sign up or sign in to vote.
This article explains how to manage sessions ending when using the ASP.NET StateServer (which does not fire the Session_End event)

Introduction

The Session_End event is a useful event which an be handled in Global.asax to perform any actions when a session ends, such as logging an activity to the database, cleaning up temporary session files, etc.

However, when using any kind of state management other than InProc (such as StateServer or SqlStateServer), the ASP.NET web application does not fire the Session_End event, and any code in this method will not be executed.

Background

Some browsing around returned a couple of good articles. The article Page tracking in ASP.NET offers a similar solution, though is geared around page tracking whereas my requirement was simply to find an alternative to the Session_End event that would work with the ASP.NET StateServer.

There's another excellent article called Preventing Multiple Logins in ASP.NET This is where I got the idea of using the application cache with a sliding expiry to trigger an event when the session ends.

How it works

The SessionEndModule class hooks into the PreRequestHandlerExecute event and inserts/replaces an item in the application cache, with a sliding expiry equal to the session expiry, and a callback method to be called when the item is removed from the application cache. The key of the cache item is the SessionId, and the value is the value of the item in the session with the key set as the SessionObjectKey.

When the item expires and the callback method is called. The key, value and reason of the expired item is passed to this callback method. The key is the SessionId, the value is the value copied from the session, and the reason is why the item was removed from the cache (was it removed, expired, underused, or it's dependency changed).

The callback method then checks that the item was removed as a result of it expiring, wraps the values into a SessionEndEventArgs class (which exposes SessionId and SessionObject properties), and fires the SessionEnd event.

Using the code

The code consists of a HttpModule called SessionEndModule, which needs to be included in the project via the web.config file. It exposes a static property named SessionObjectKey and a static event named SessionEnd which will be fired when a session ends. The value of the SessionObjectKey will be returned in the event arguments for the SessionEnd event.

First lets set up web.config

<httpModules>
 <add name="SessionEndModule" type="SessionTestWebApp.Components.SessionEndModule, SessionTestWebApp"/>
</httpModules>

<!--<span class="code-comment"> Use the state server (rather than InProc), and set the timeout to 1 minute for easier testing--></span>
<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" timeout="1" cookieless="false"/>

Then we need set up Global.asax

protected void Application_Start(object sender, EventArgs e)
{
  // In our sample application, we want to use the value of Session["UserEmail"] when our session ends
  SessionEndModule.SessionObjectKey = "UserEmail";

  // Wire up the static 'SessionEnd' event handler
  SessionEndModule.SessionEnd += new SessionEndEventHandler(SessionTimoutModule_SessionEnd);
}

Then we need to create our event handler method for the SessionEnd event:

private static void SessionTimoutModule_SessionEnd(object sender, SessionEndedEventArgs e)
{
   Debug.WriteLine("SessionTimoutModule_SessionEnd : SessionId : " + e.SessionId);

   // This will be the value in the session for the key specified in Application_Start
   // In this demonstration, we've set this to 'UserEmail', so it will be the value of Session["UserEmail"]
   object sessionObject = e.SessionObject;
 
   string val = (sessionObject == null) ? "[null]" : sessionObject.ToString();
   Debug.WriteLine("Returned value: " + val);
}

In this demo, lets also wire up the Session_Start and put some test data in the session

protected void Session_Start(object sender, EventArgs e)
{
   Debug.WriteLine("Session started: " + Session.SessionID);
 
   Session["UserId"] = new Random().Next(1, 100);
   Session["UserEmail"] = new Random().Next(100, 1000).ToString() + "@domain.com";
 
   Debug.WriteLine("UserId: " + Session["UserId"].ToString() + ", UserEmail: " + 
                 Session["UserEmail"].ToString());
}

Testing the code

Start this project in debug mode and keep an eye on the output window. When the session starts, the session contents will populated with a random UserId and UserEmail. The session will end after approximately 1 minute, and fire the SessionEnd event, which will execute the SessionTimoutModule_SessionEnd method and print the SessionId of the session that ended and the UserEmail it contained.

Returning more than one session value

The HttpModule.SessionEnd event only supports returning the value of a single session variable. If you need to return more than one value, the easiest way is to create a serializable class, with properties for all your values, and store that in the session instead.

For example:

[Serializable]
public class SessionInfo
{
   public string UserId;
   public string UserName;
   public string UserEmail;
}

SessionInfo sessionInfo = new SessionInfo();
sessionInfo.UserId = 10;
sessionInfo.UserName = "Bob Jones";
sessionInfo.UserEmail = "bobjones@company.com";

Session["SessionInfo"] = sessionInfo;

In Global.asax, you would then set the SessionObjectKey to 'SessionInfo':

SessionEndModule.SessionObjectKey = "SessionInfo";

You can then access this in the SessionEnd event:

private static void SessionTimoutModule_SessionEnd(object sender, SessionEndedEventArgs e)
{
   Debug.WriteLine("SessionTimoutModule_SessionEnd : SessionId : " + e.SessionId);

   SessionInfo sessionInfo = e.SessionObject as SessionInfo;
 
   if (sessionObject == null)
   {
       Debug.WriteLine("Returned value is null");
   }
   else
   {
      Debug.WriteLine("Returned values - UserId: " + sessionInfo.UserId + ", UserName: " + 
                      sessionInfo.UserName + ", UserEmail: " + sessionInfo.UserEmail);
   }
}

Known limitations

As the module hooks into the PreRequestHandler event, the value of the SessionObjectKey stored in the application cache before the page executes. This means that if you change the session variable being returned by the module in the SessionEnd event (or the SessionInfo object) on a page, and then the session times out, the SessionEnd event will contain the old value. It's possible to change this to use the PostRequestHandler event, though I've experienced some strange behaviour with this, especially when using Response.TransmitFile.

This code also won't work on scenerarios where you are using a server farm. In the article 'Preventing Multiple Logins in ASP.NET', Peter Bromberg discusses this problem in more depth and offers some ideas for working around this.

History

Version 1.0 - 02 November 2007

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Munsifali Rashid
Software Developer (Senior)
United States United States
Developer with focus on buidling solutions using Microsoft technologies - ASP.NET, C#, SQL Server.
Follow on   Twitter

Comments and Discussions

 
GeneralMy vote of 5 Pinmemberpunit singhi9-May-13 1:30 
QuestionDeploying to IIS 7.5 PinmemberMember 455901428-Jan-13 20:44 
GeneralMy vote of 4 Pinmembercrazynick26-Feb-12 4:55 
Generalre session_end PinmemberAjay Kale New9-Sep-10 4:13 
QuestionHow to fired session_end event on session.abandon or on logout in state server mode? PinmemberMember 41401195-Nov-09 2:38 
GeneralHello Sir PinmemberYves16-Aug-09 14:38 
GeneralImplementing in vb PinmemberMember 438518315-Feb-09 20:07 
QuestionHow to implement this in vb? Pinmembercalairose5-Nov-08 18:36 
GeneralSample app PinmemberAndySiant6-Nov-07 1:29 
GeneralRe: Sample app PinmemberMunsifali Rashid6-Nov-07 13:23 
Thanks for the feedback. I've updated the code sample so that it's now using the website project model instead of the web application project model, which should solve this issue. Let me know if you have any further problems.
 
--
Munsifali Rashid
www.munit.co.uk/

GeneralOn cluster it doesn't works Pinmemberdgi2-Nov-07 12:36 
GeneralRe: On cluster it doesn't works [modified] PinmemberMunsifali Rashid2-Nov-07 14:32 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web02 | 2.8.140721.1 | Last Updated 2 Nov 2007
Article Copyright 2007 by Munsifali Rashid
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid