I have an ASP.NET MVC2 web application that uses InProc sessions to store a registered user ID. In controllers, I use the special AuthorizeAttribute attribute to verify the session for a valid identifier.
I also use TempData inside my controllers after GET-> POST-> REDIRECT to display confirmation messages. For example, when a user logs out, my Logout () controller action clears the session, sets TempData ["Message"] and redirects the Login () action. The Login () action then displays any TempData ["Message"] that is not null.
TempData["Message"] = "You have successfully logged out.";
My question is (definitively) the following. I would like to be able to redirect the user to the Login () action if the session expires, unlike the user logging out.
TempData["Message"] = "You have been logged out due to inactivity.";
I'm not sure that 1) using the TempData collection is appropriate in this scenario, or 2) where a suitable place for this would be.
I would like to adhere to the MVC guidelines / best practices as much as possible, so it seems that using Session_End in some ugly way is not the way I would like. I would like the timeout = true character to be missing in the query string too.
Any thoughts?
source
share