3
votes

I have an ASP.NET MVC2 web application that uses InProc sessions to store the logged-in user's ID. In the controllers, I am using a custom AuthorizeAttribute to check the Session for a valid ID.

I am also using TempData within my controllers after a GET->POST->REDIRECT to display confirmation messages. For example, when the user logs out, my Logout() controller action clears the Session, sets a TempData["Message"] and redirects to the Login() action. The Login() action then displays any TempData["Message"] that isn't null.

TempData["Message"] = "You have successfully logged out.";

My question (finally) is as follows. I would like to be able to redirect the user to the Login() action if the Session times out, as opposed to the user logging out.

TempData["Message"] = "You have been logged out due to inactivity.";

I am not sure if 1) the use of the TempData collection is appropriate in this scenario or 2) where the appropriate place to handle this would be.

I would like to keep within the MVC guidelines / best practices as much as possible, so it seems that using the Session_End in some ugly fashion is not the way I would want to go. I would like to avoid passing in a ?timeout=true in the query string as well.

Any thoughts?

1 Answer

1
votes

There's nothing you can do on the server when a session expires because the browser is not connected to the server all the time.

I would create a JavaScript function that refreshes the page a short time after your session period has expired.
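
One way to write the refresh function suggested in the answer above, as an added example that is not part of the original answer. The name `createSessionExpiryReloader`, its option names and the 5-second default grace period are assumptions; the reload is deliberately scheduled after the timeout, because a request that arrives before expiry would restart ASP.NET's sliding session timeout and keep an idle session alive.

```javascript
// Added example (hypothetical names): reload the page shortly AFTER the
// server-side session would have expired, so the reload request hits an
// already-expired session and the server-side authorization check can
// redirect to the login page.
function createSessionExpiryReloader(options) {
  const timeoutMs = options.sessionTimeoutMinutes * 60 * 1000;
  const graceSeconds = options.graceSeconds === undefined ? 5 : options.graceSeconds;
  const graceMs = graceSeconds * 1000;
  if (!Number.isFinite(timeoutMs) || timeoutMs <= 0) {
    throw new RangeError("sessionTimeoutMinutes must be a positive number");
  }
  if (!Number.isFinite(graceMs) || graceMs < 0) {
    throw new RangeError("graceSeconds must be zero or positive");
  }
  // Injectable for testing; the defaults are the browser's own functions.
  const setTimer = options.setTimer || ((fn, ms) => setTimeout(fn, ms));
  const clearTimer = options.clearTimer || ((id) => clearTimeout(id));
  const reload = options.reload || (() => window.location.reload());

  const delayMs = timeoutMs + graceMs;
  let timerId = null;
  let fired = false;

  // Call after every request the page sends (for example each AJAX call):
  // the session timeout is sliding, so every request restarts it on the
  // server and the client-side timer has to restart with it.
  function touch() {
    if (fired) return;
    if (timerId !== null) clearTimer(timerId);
    timerId = setTimer(() => {
      fired = true;
      timerId = null;
      reload();
    }, delayMs);
  }

  // Cancel the pending reload, e.g. when the user logs out explicitly.
  function stop() {
    if (timerId !== null) clearTimer(timerId);
    timerId = null;
  }

  touch(); // the page load itself was the most recent request
  return { touch, stop, delayMs };
}

// In the page: const reloader = createSessionExpiryReloader({ sessionTimeoutMinutes: 20 });
```

The `sessionTimeoutMinutes` value has to match the session timeout configured on the server.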