I've been programming in ASP (including ASP.NET) for almost seven years from now, and one of the most common problems was to ensure that certain pages should not be accessed without a session being active.

Usually this page depended the user being logged in, where we stored the fact (that the user is logged in) by keeping a flag in a session variable. Other common scenarios were when a page depended on some value that was derived or set on a different page and transported to the current page through a session variable.

The code to accomplish this was almost always clumsy. In its simplicity, you'd always check for existence of a session variable like following..

if (Session["MY_VAR_A"] == null)
    Response.Redirect("ExpiredPage.aspx");

If under certain conditions, your page would work if one of the various session variables was provided for, things would get clumsier.

For example, if in one condition, Session["MY_VAR_A"] was initialized somewhere and the flow came to this page and it was okay to continue processing, while in another condition it was okay to process if Session["MY_VAR_B"] had some value, you had to write code like following..

if (somecondition) 
   if (Session["MY_VAR_A"] == null)
      Response.Redirect("ExpiredPage.aspx");
else
      if (Session["MY_VAR_B"] == null)
         Response.Redirect("ExpiredPage.aspx");

The objective was the same, you wanted to ensure that if a new Session had to be created to process this page, then the user should be redirected to the Expired page or whatever...

ASP.NET Version 2.0 introduced a cool new property in HttpSession class  (Available through the Session property of the Page class), called IsNewSession, that can be used to check if a new session was created for the current request. This made things much simpler. All you have to do now is...

if (Session.IsNewSession) 
   Response.Redirect("ExpiredPage.aspx");

   
Now life is a little less complicated :)