redirect on Session Timeout

[Weave]

I would like to redirect to a logout page after a session has timed out. I
have placed a response.redirect "loggedoff.asp" in the Session_OnEnd
subroutine in the global.asa, but it does not move to the page after timeout
occurs.

Any suggestions?

Thanks in advance ....

 

[Darrin J Olson]

Although the Session_OnEnd event fires on the server with the session has
timed out, it does not cause the client page to reload, and thus the client
page knows nothing of the redirect.

What you could do is set a create a javascript function that runs on the
client, with the same wait time as the session time on the server. Once the
page loads, start the time. If it reaches the session time limit, it could
window.navigate to the desired page at about the same time as the server
would time out. If they move to a new page before the limit, the client
timer resets when the new page loads, as does the server timer. You could
even place this javascript in a user control that you could then drag and
drop on every ASP page that you want to use it on...

Hope that helps.

-Darrin

 

[Michael Pearson]

I've handled this with Meta refresh. After X seconds, redirect the user to
the loggedoff.asp page.
Works for both ASP and ASP.net. If you are not sure what this is, do a
search on google for Meta Refresh.

Michael

 

[Josh]

The best that I have come up with is this:
1. In the Session_OnStart event set the Session.Timeout property (do not
rely on the value in web.config) and set some Session variable e.g.
Session["IsAlive"] = true;
2. Include at top of each .aspx file a META tag to refresh the page for the
same amount of time as the Session Timeout property.
3. In the code behind for each page, in the Page_Load , check Session
variable, if it is null then Session has expired, and do redirect to page of
choice.

 

[Weave]

Thanks Darrin - worked like a charm!

Although the Session_OnEnd event fires on the server with the session has
timed out, it does not cause the client page to reload, and thus the client
page knows nothing of the redirect.

What you could do is set a create a javascript function that runs on the
client, with the same wait time as the session time on the server. Once the
page loads, start the time. If it reaches the session time limit, it could
window.navigate to the desired page at about the same time as the server
would time out. If they move to a new page before the limit, the client
timer resets when the new page loads, as does the server timer. You could
even place this javascript in a user control that you could then drag and
drop on every ASP page that you want to use it on...

Hope that helps.

-Darrin

 

[Paul]

For those following this thread and who may be interested in yet another
way of doing this, put the following in Page_Load():


Response.AppendHeader("Refresh",
Convert.ToString((Session.Timeout * 60) + 5) & ";
URL=SessionTimeout.aspx")


My understanding is that the Response Header will cause a refresh
according to the Session.Timeout argument. Every time the page loads
this value gets reset.

 

[Milan Negovan]

Hi Paul,


If I may add my two cents... Spiders/crawlers hate this kind of redirect.
They'll think you're spamming them. Calling Response.Redirect or
Server.Transfer is legit, though. Redirect sends a 302 code (page moved)
which is ok.