Detecting timeout with multiple websites on the same IIS server

[Rob]

I'm using the well documented code to detect whether a timeout has occurred
when a page is fetched in the OnInit() event handler:

If Session.IsNewSession Then
Dim CookieHeader As String = Request.Headers("Cookie")
If Not CookieHeader Is Nothing AndAlso
CookieHeader.IndexOf("ASP.NET_SessionId") >= 0 Then
Request.Redirect("~/Timeout.aspx")
End If
End IF

This works - sort of. It works by checking to see if the ASP.NET_SessionId
cookie exists when a new session is started. If it is present, then this is
(supposed) to indicate that it's a new session.

However, if you have two applications running on the same IIS web server,
then it triggers incorrectly. Both applications implement the above code.

1. Open http://localhost/webapp1/default.aspx
2. IsNewSession is true but cookie isn't present
3. Open http://localhost/webapp2/default.aspx
4. IsNewSession is true but the ASP.NET_SessionId cookie also exists (why is
this?)

Therefore the user is directed to the timeout page of webapp2.

I've tried adding setting the path (in Session_Start event) of the
Response.Cookie("ASP.NET_SessionId" to Request.PhysicalApplicationPath but
that doesn't seem to make any difference.

Any ideas?

Thanks, Rob.

[Rob]

> This works - sort of. It works by checking to see if the ASP.NET_SessionId
> cookie exists when a new session is started. If it is present, then this
> is (supposed) to indicate that it's a new session.

Sorry that should have read "(supposed) to indicate that it's a *timed out*
session".

Cheers, Rob.