Detecting a session timeout

[Sems]

Hi

I'm using the Session_End event in the global.asax to detect if a
users sessions has ended. Is there any way to tell if the session end
is due to it being expired and not abandoned?
I'm trying to show the user a popup if their session has expired due
to a timeout.

Whats the best way to do this?

Thanks

 

[Michael Nemtsev]

"HttpSessionState class's IsNewSession( ) method returns true if a new
session was created for a given request. If this is a new session but the
ASP.NET_SessionId cookie is present, this indicates a timeout situation"


Check the Peter article how to implement this check there
http://www.eggheadcafe.com/articles/20051228.asp

 

[Mark Fitzpatrick]

Instead of trying to handle it on the server, you may find it much easier to
handle on the client. I've seen this done at sites such as my bank, where
they warn me my session will end shortly unless I perform some action.

You can't really handle the popup server-side because the user may not even
be on the site anymore. Keep in mind, http is a stateless protocol and the
user is disconnected from the server the moment the browser finishes
requesting all the data for the page. That means there's really no user to
push data to such as a popup. Handling it on the client can be fairly easy
because you know how long the session timeout value is in minutes, and can
check that on the browser since the session will timeout at pretty much the
same time a script on the browser would determine that 20 minutes are up.

 

[siccolo]

Instead of trying to handle it on the server, you may find it much easier to
handle on the client. I've seen this done at sites such as my bank, where
they warn me my session will end shortly unless I perform some action.

You can't really handle the popup server-side because the user may not even
be on the site anymore. Keep in mind, http is a stateless protocol and the
user is disconnected from the server the moment the browser finishes
requesting all the data for the page. That means there's really no user to
push data to such as a popup. Handling it on the client can be fairly easy
because you know how long the session timeout value is in minutes, and can
check that on the browser since the session will timeout at pretty much the
same time a script on the browser would determine that 20 minutes are up.

--
Hope this helps,
Mark Fitzpatrick
Microsoft MVP - Expression









- Show quoted text -

for example, I do it like this (within ASPX page)
<!--
------------------------------------------------------------------------------------
-->
<!-- //for user session timeouts: -->
<!-- warn user session is about to expire in 1 min -->

<script type="text/javascript" language="javascript"
src="errors.js">
</script>
<script language="javascript" type="text/javascript">
function ShowTimeoutWarning ()
{
window.alert( "...about to expire..." );
window.location.href = "../Default.aspx";
}
<%
//Session.Timeout =2;
if ( HttpContext.Current.Session["UserSession"].ToString()!
=null )
{

Response.Write( "setTimeout('ShowTimeoutWarning();', " +
( Session.Timeout *
60000 ).ToString() + " );" );
}
%>
<!--

 

[Ian Semmel]

I don't think you can tell the user that the session has ended until
they actually do something on their browser.

In your Page_Load event (can be in a master page) you can do something
like

If ( Session.IsNewSession)
HttpContext.Current.Response.Redirect("/TimedOutPage.aspx");


The thing to remember is that by the time this has happened, the
previous session has been trashed so anything you are storing in
SessionState has gone. All you can tell the user is to log in again.