The Session_End
event[
^] fires when the session times out; in this case, that will be one minute after the user last made a request.
There will not be a current
HttpContext
, there will not be a
Response
to
Redirect
, and there will not be a current user to
SignOut
.
If you're getting to the
FormsAuthentication.SignOut
call, that suggests you're
not testing the
HttpContext.Current
property as shown in your question.
But I suspect you're
actually getting the error from a different line - the
Session
property looks suspicious to me. But since you haven't shown how you've declared or set it, that's just a guess.
Since the event fires when the session ends, there's absolutely no purpose in checking when the user last made a request; you already know it's at least one minute in the past.
And since you only set the
LastActivityTime
when the session starts, rather than when the user makes a request, your check wouldn't make sense anyway.
It seems you need to look at using
sliding expiration[
^] for your forms authentication. That way, the authentication ticket will expire if the user doesn't make a request at least once per minute.