Go to Login Page when session expires

[Guest]

Hi all,
I was wondering how i could write some code which would automatically open
the Login Page once the session has expired?

 

[William F. Robertson, Jr.]

You can use the setTimeout javascript function for this.

<script language="javascript">
//this will call the javascript method _SessionExpired after 20 minutes

setTimeout( "_SessionExpired()", 20 * 60 * 1000 );

function _SessionExpired()
{
location.href = "login.aspx";
}
</script>

When 20 minutes has elapsed from the page opening the browser will be
redirected to the login page. Since you are going to be redirecting the
user you might want to give them a warning at say 19 minutes their session
is about to expire.

HTH,

bill

 

[Stefan Kiryazov]

You can also put the following in Global.asax:

protected void Session_End(Object sender, EventArgs e)
{
Response.Redirect( "login.aspx" );
}

 

[Juan T. Llibre]

Neither that, nor the other solutions offered, will work.

When a session ends/expires, the server has no way
of knowing whether the user has already left the site
and is currently 10 sites away.




Juan T. Llibre
ASP.NET MVP
===========

 

[William F. Robertson, Jr.]

This will not work.

There is no HttpContext for the Session End event. This is a server side
only event.

bill

 

[William F. Robertson, Jr.]

I disagree. If the user leaves a page up (open) for the 20 minute Session
timeout, you can still direct them to another page. If the user has left
your site, you wouldn't want to redirect them to the login page, nor can
you.

He was asking about redirecting a user automatically when their Session
times out. Now the only hole in the solution offered is the Application
Restarts, the session will be new, but there is no way to notifiy the
browser.

bill

 

[Juan T. Llibre]

re:

If the user leaves a page up (open) for the 20 minute
Session timeout, you can still direct them to another page.

Try it.

What you suggest will only enable Javascript redirection
after 20 minutes of inactivity in the page the JS script is in,
and is totally unrelated to the actual Session expiration/end.

What if the user has two windows open on your site,
and one of them is left open for the 20 minutes you
specify, but he is actively browsing the site in the other
window ( thereby keeping his Session alive ) ?

re:

the only hole in the solution offered
is the Application Restarts

The Application won't restart only
because a User Session expires/ends.




Juan T. Llibre
ASP.NET MVP
===========

 

[William F. Robertson, Jr.]

ACaunter--
So in short, this is impossible to achieve completely.

Juan--
Ahhh. I had not thought about the new window, same session scenario.

What I suggested was to set his javascript redirection timeout the same as
the server. Unless of course asp.net ignores the SessionTimeout settings
and just randomly times out Sessions. In which case it wouldn't work.

The Application won't restart only
because a User Session expires/ends.

Ofcourse not, but the Application restart will cause all of the Sessions to
be recreated on next postback. Thus they will be ended.

bill

 

[Juan T. Llibre]

re:

Unless of course asp.net ignores the
SessionTimeout settings and just
randomly times out Sessions.

Very early versions of ASP had that sort of hiccup.

ASP.NET has improved the
handling of Session data quite a lot.

re:

What I suggested was to set his javascript
redirection timeout the same as the server.

The problem is that they run on different "clocks".

JavaScript only knows about individual pages,
not about ASP.NET user sessions.

The ASP.NET server knows about user sessions.



Juan T. Llibre
ASP.NET MVP
===========

 

[Guest]

Thanks for the replies,
This javascript code, would I put this on each of my pages for my site???

<script language="javascript">
//this will call the javascript method _SessionExpired after 20 minutes

setTimeout( "_SessionExpired()", 20 * 60 * 1000 );

function _SessionExpired()
{
location.href = "login.aspx";
}
</script>

... and i don't have to worry about 2 windows being open and the one being
left for 20 mins, that won't happen on my site.. i hope .. but ya.. Right
now i have my timeout set for 1 hour i believe, so i was hoping that if the
session expires after the hour, the site will automatically go back to the
login page, knowing the session var's are gone, and they can restart them..

also, for the session expiring.. is it no matter what after an hour they are
gone, or only if the screen is left still, not used, for the hour...??

and whatabout this code, do i need to put it in my global page too??

protected void Session_End(Object sender, EventArgs e)
{
Response.Redirect( "login.aspx" );
}


thanks

 

[Juan T. Llibre]

re:

This javascript code, would I put this
on each of my pages for my site???

If all you want to do is insure that your users will always
have Session contents available, i.e., insure that their
sessions don't timeout when they leave their browsers
open on the same page, without doing anything alse for
a period of time which is larger that your Session Timeout
setting, all you'd need to do is use a Meta Refresh tag :


<meta http-equiv="refresh" content="600">

That would refresh the page every 10 minutes (600 seconds).
If you need a higher value, set the number to a larger value.

That is much simpler than the JavaScript solution,
which doesn't synchronize with Session timeout, anyway.

Be forewarned : users don't like applications/servers
messing with how they view the site, and this strategy
may well backfire on you, as would any other method
you use to insure that a page will refresh, or that a user
will be redirected against his will to other pages.

re:

and whatabout this code,
do i need to put it in my global page too??

As previously said, setting

protected void Session_End(Object sender, EventArgs e)
Response.Redirect( "login.aspx" );

will *not* work because when the session ends
the server has no way of sending a response to
the client, who might be long gone, anyway.




Juan T. Llibre
ASP.NET MVP
===========

 

[William F. Robertson, Jr.]

Plus if I am typing in a long form and the 10 minutes hits, them whammo, my
last ten minutes worth of work are gone because the page will be
re-requested, and not posted.

Unless Juan instructs the meta tag will "post" a form rather than a "get".

Juan,

What if you set a httpHandler that did nothing and implement
IRequiresSessionState. Then use the javascript timer to change the url of a
hidden image on the page. It would hit the server and keep the session
alive.

bill

 

[NikkolB]

William was on the right track with putting the redirect in th
global.asax, but it should be on session start, not end:

protected void Session_Start(Object sender, EventArgs e)
{
Response.Redirect( "login.aspx" );
}

A session-end will never reach the user/browser. But when that use
re-requests the page, a new session will start, and the session_star
event will fire, redirecting the user