Misfit Geek

Fustrated by Design !

MaximumASP

Session Time Out Tricks

February 28, 2010 | Comments | Uncategorized

I recently received an email from a developer who needed to implement a behavior around a user’s session timeout behavior.

As you probably know, we can configure our application to “expire” a user’s session at any interval that we wish.

Example:

<system.web>
<sessionState timeout="10" />
........
</system.web>

Comments

There are 29 comments for this post.

  1. Session Time Out Tricks : Misfit Geek on February 28, 2010 7:32 pm

    RE: Session Time Out Tricks

    Pingback from Session Time Out Tricks : Misfit Geek

  2. Sam on February 28, 2010 10:35 pm

    Thank you very much :-)

  3. Session Time Out Tricks http://misfitgeek.com/blog/aspnet/session-time-out-tricks/ #asp.net on February 28, 2010 11:04 pm

    RE: Session Time Out Tricks

    Session Time Out Tricks misfitgeek.com/…/session-time-ou #asp .net

  4. Matt on March 1, 2010 12:48 am

    Is it just me, or is this not overkill? Why not just use the <meta tag with a refresh attribute set, and print this out with the Session.Timeout property + 30. Your solution is a lot of code, and won’t work if the browser has JavaScript disabled (not a huge issue these days, but still something to bear in mind!).

    For example:

    <META HTTP-EQUIV="REFRESH" CONTENT="1020; URL=LoggedOut.aspx">

  5. Ahsan Murshed on March 1, 2010 1:00 am

    thanks a lot, I have faced a lot of problem on session timeout issue

  6. Mr.Foysal on March 1, 2010 1:22 am

    Hi,

    Very very thanks for your tricks Session time out tutorial code. I am beginner about programming language but high experience advance user knowledge. Please I want more code for tech my self. I am OSI Upper Layer with lower Layer Programming interested. Long distance learning solution. I/we always remember you internal mind also MSDN. %100 Success.

    Take care.

    Sincereley, Foysal.

  7. Hamza Malkawi on March 1, 2010 3:02 am

    Thanks very much, it was very helpful info.

    best regards

  8. deskbuzz on March 1, 2010 3:39 am

    Nice post, thanks a lot.

  9. Rob on March 1, 2010 3:49 am

    How do you handle async / web service calls that make keep the session alive without causing your script to reload?

  10. Aaron on March 1, 2010 9:29 am

    I’m with Matt, complete overkill. Use the global.asax to insert a meta tag to the user’s browser. You can dynamically specify the content value based on the sessions time out value. All of this can be done with 3 lines of managed code.

  11. iulian on March 1, 2010 9:40 am

    Very interesting, I will try

  12. vineet on March 1, 2010 11:18 am

    how about good old fashioned Meta tag trick for HTTP sessions

    <meta http-equiv="REFRESH" content="20;url=http://www.the-domain-you-want-to-redirect-to.com"> is the part that actually does the redirecting.

    The number preceding the url (in this case 20) tells the browser the number of seconds to wait before redirecting to the new url.

  13. ASHOKTANU on March 1, 2010 4:23 pm

    SIR , CAN U PLEASE HELP ME BY SHOWING HOW TO SEND SMS TROUGH ASP.NET,

    I ASK FOR UR KIND HELP ME WITH THAT .

    I WANT TO IMPLEMENT SENDING SMS THROUGH ASP.NET

  14. Linked - List on March 1, 2010 4:51 pm

    RE: Session Time Out Tricks

    Linked – List

  15. Jone on March 1, 2010 9:29 pm

    >> we could implement an AJAX service method and query the server as to whether or not the REAL .NET session has expired

    Would this request reset the timeout value?

  16. Farrukh Saeed on March 2, 2010 2:03 am

    looking very interesting. i ll try….

  17. Motoman on March 2, 2010 3:18 am

    Very thanks for your tricks! Its Cool Man!

  18. Motoman on March 2, 2010 3:19 am

    Good job man!

  19. Riga on March 2, 2010 4:30 am

    Excellent. Two ideas for the price of one. I like the Javascript and the Metadata.

    Saw in some websites a pop-up window opens warning you that your session is about to expire, and you can click on ‘continue logged in’. This is good use of the javascript code.

    Riga

  20. Malcolm Sheridan on March 2, 2010 6:21 am

    Hi Joe,

    Nice article. I did something like this recently using MVC and jQuery. If you like you can check it out.

    http://www.dotnetcurry.com/…/ShowArticle.asp

  21. Nuno Gomes on March 2, 2010 1:09 pm

    Hi,

    I totally agree with Matt, Aaron and vineet … it is an overkill. Meta tag Refresh will do the job.

  22. Tuganologia on March 2, 2010 1:38 pm

    Nice article!

    Thankx for the tip!

    tuganologia.blogspot.com

  23. Lee C. on March 2, 2010 4:05 pm

    @ Joe Stagner

    I think you are mixing Session with Authentication. They are separate; but, you state, "the session will have been terminated and the user will no longer be authenticated". That will only be true if session *and* authentication have expired. Right?

    Making it worse, FormsAuthentication.SlidingExpiration works differently than Session Sliding Expiration. "Sliding expiration resets the expiration time for a valid authentication cookie if a request is made and more than half of the timeout interval has elapsed. If the cookie expires, the user must re-authenticate."

    msdn.microsoft.com/…/system.web.secu

    @Matt, Aaron, vineet, and Nuno:

    I think your approaches are oversimplified for a rich Web application. You are saying that it is okay for your user to lose data, because they can just start over. If you were the user of that app, you would/should be complaining.

  24. Joe Stagner on March 2, 2010 4:34 pm

    There are mutlple solutions to each problem. For the orrigional request this solved their problem. The user’s requirements did not care about a "partially" entered form.

    Feel free to write and post a solution you like better :)

  25. Marc on March 3, 2010 12:42 pm

    I agree with Lee. Most applications that I develop (and I suspect many others) nowadays use AJAX (no postback), so as far as I know, the "old fashioned meta refresh" would not help me in this case. I’ve mostly been using the javascript method similar to what Joe suggests.

  26. Liming Xu on March 3, 2010 2:52 pm

    A related requirement from our customers and perhaps more useful to the end users is that they require 2 minutes before the session time out, warn the user and such they can extend the session. It’s used in a lot Bank websites.

    I asked the question on ASP.NET forum and later resolved it. No ajax required either. Just server mix of Javascript + Server side coding

    forums.asp.net/…/1207721.aspx

    hope it helps

  27. Mr.Thanks on March 4, 2010 5:00 am

    Thanks GUYSSSS

  28. Daniel on March 9, 2010 1:00 pm

    Session time out is a plage….I currently have no user authentication on my sites becuase of this. I’ll try to implement this workaround.

  29. Sohel rana on March 10, 2010 11:58 am

    Nice trick and helpful.

Write a Comment

Let me know what you think?