Session Timeout


S

SilentCry

i know there are a zillion ways to do this and the way i'm doing it
essentially works but it has a minor problem which i'll get to later.

here's the simplified version of what i'm doing..
i have a main page (default.aspx) that has various input fields on it (text,
dropdowns, etc). in the Page_Load for this page i have this..

Session.Add("SID", Session.SessionID);

int to = Session.Timeout;
string curPath =
Page.Request.AppRelativeCurrentExecutionFilePath.Replace("~/", "");

string script = @"<script> function WarnUser()
{
alert('Your session will expire in 2 minute(s).\nClick OK to
continue your session.');
document.location = ""SessionEnd2.aspx?curPath=" + curPath + @""";
}
setTimeout('WarnUser()', " + (to - 2).ToString() + " * 60 * 1000);"
+
"</script>";
Page.ClientScript.RegisterStartupScript(typeof(string), "Timeout",
script);

basically i want to give the user a warning that the session will expire in
2 minutes.

in the Page_Load for SessionEnd2.aspx i have..

string sid = Session["SID"] as string;
string url = Request.QueryString["curPath"];

if (sid == null)
{
Response.Redirect("Error.aspx", true);
}
else
Response.Redirect(url, true);

this all works except that if the session is still active at the time the
user clicks Ok on the alert (the 2 minutes has not expired), the redirect
back to default.aspx (curPath/url) works well enough but in the process,
reloads the page which is not what i want. obviously any input entered in
the controls before the alert appears is now wiped out. this is where i get
stuck. is there a way to do this without reloading default.aspx. basically
what i want is for focus to be given back onto default through the normal
process of window switching as opposed to reload/postback.
any suggestions?
and yes i do have viewstate=true set for all the controls.
 
Ad

Advertisements

D

David Mark

i know there are a zillion ways to do this and the way i'm doing it
essentially works but it has a minor problem which i'll get to later.

[snip]

Ask in a .NET group (and good luck.)
 
E

Erwin Moller

David Mark schreef:
i know there are a zillion ways to do this and the way i'm doing it
essentially works but it has a minor problem which i'll get to later.

[snip]

Ask in a .NET group (and good luck.)

He did.
(microsoft.public.dotnet.framework.aspnet)

Erwin Moller

--
"There are two ways of constructing a software design: One way is to
make it so simple that there are obviously no deficiencies, and the
other way is to make it so complicated that there are no obvious
deficiencies. The first method is far more difficult."
-- C.A.R. Hoare
 
D

David Mark

David Mark schreef:
i know there are a zillion ways to do this and the way i'm doing it
essentially works but it has a minor problem which i'll get to later.

Ask in a .NET group (and good luck.)

He did.
(microsoft.public.dotnet.framework.aspnet)

So he did.

The only Javascript in the posted blob is generated by this:

alert('Your session will expire in 2 minute(s).\nClick OK to
continue your session.');
document.location = ""SessionEnd2.aspx?curPath=" + curPath +
@""";
}
setTimeout('WarnUser()', " + (to - 2).ToString() + " * 60 *
1000);"

Should use window.location.replace. And if the (unqualified) alert is
to be believed, the subsequent redirect makes no sense.
 
Ad

Advertisements

S

SilentCry


No thanks.
The idea is not to reload the page itself but transparent gif by hitting
aspx page which will refresh the session.

Whatever the idea, the implementation is botched (at least on the
client side.) I wouldn't expect anything less from a .NET
application.

[snip]

you're an idiot.. you don't know anything about this application or why i
did what i did so quit with the attitude. did you ever think that maybe by
posting this here i was actually looking for an alternate javascript
solution? i don't see anything out of you yet (other than arrogance) - why
is that?
 
D

David Mark


No thanks.


The idea is not to reload the page itself but transparent gif by hitting
aspx page which will refresh the session.

Whatever the idea, the implementation is botched (at least on the
client side.)  I wouldn't expect anything less from a .NET
application.

[snip]

you're an idiot.. you don't know anything about this application or why i

I don't need to know anything about the application. But I do know it
contains bad script (as mentioned.)
did what i did so quit with the attitude. did you ever think that maybe by

Get a shift key.
posting this here i was actually looking for an alternate javascript
solution? i don't see anything out of you yet (other than arrogance) - why
is that?

You can't read either?
 
G

George

Wonder what is wrong with the idea of hitting ASPX page to refresh session
object and prevent it's expiration?
And what is wrong with client side? Its' only 3 lines.

<script language="Javascript">
window.setInterval("renewSession();", 600000);
function renewSession()
{document.images["renewSession"].src = "/renewSes.ashx?par=" + (new
Date()).toLocaleString();}
</script>

George.




No thanks.
The idea is not to reload the page itself but transparent gif by hitting
aspx page which will refresh the session.

Whatever the idea, the implementation is botched (at least on the
client side.) I wouldn't expect anything less from a .NET
application.

[snip]
 
B

bruce barker

you need to do two things to maintain he session:

1) update the timeout on the server (done with a server request)
2) update the timeout on the client session cookie. the browser will not
send the cookie if it expires.

if you do not want to repost the page then you can use an image or
hidden iframe, unless images are mapped to asp.net it better to use a an
iframe. also the iframe version can notify that the session is dead.

<iframe src="renewsession.aspx" style="display:none" ></iframe>

now the script and timer can run in the iframe. on dead session you can
show an alert.

-- bruce (sqlwork.com)
 
D

David Mark

you need to do two things to maintain he session:

1) update the timeout on the server (done with a server request)
2) update the timeout on the client session cookie. the browser will not
send the cookie if it expires.

if you do not want to repost the page then you can use an image or
hidden iframe, unless images are mapped to asp.net it better to use a an
iframe. also the iframe version can notify that the session is dead.

<iframe src="renewsession.aspx" style="display:none" ></iframe>

now the script and timer can run in the iframe. on dead session you can
show an alert.

That sounds like an ASP.NET application. Good luck with that.

[snip]
 
Ad

Advertisements

D

David Mark

Wonder what is wrong with the idea of hitting ASPX page to refresh session

Wonder what is wrong with top-posting too?
object and prevent it's expiration?
And what is wrong with client side? Its' only 3 lines.

And amazingly, all three are botched. As mentioned, this can be
expected of ASP.NET jockeys. As is typical, this one is trying to
rearrange some patterns of server and client side code until the
application seems to work in his browser. Sound familiar?

[snip]
 
G

George

Ok, David,

I think you either misunderstand a problem or just being a top notch
architect that made it to the mad house already and has not seen a reality.

Browsers work a little differently than desktop applications. And people
treat them the same and expect the same. So they think it's perfectly fine
to leave the browser open and go to break. Then come back in an hour and
expecting to continue their work.

George.



Wonder what is wrong with the idea of hitting ASPX page to refresh session

Wonder what is wrong with top-posting too?
object and prevent it's expiration?
And what is wrong with client side? Its' only 3 lines.

And amazingly, all three are botched. As mentioned, this can be
expected of ASP.NET jockeys. As is typical, this one is trying to
rearrange some patterns of server and client side code until the
application seems to work in his browser. Sound familiar?

[snip]
 
Ad

Advertisements

D

David Mark

Ok, David,

I think you either misunderstand a problem or just being a top notch

I understand that you don't know how to post properly. A trait you
seem to share.
architect that made it to the mad house already and has not seen a reality.

I understand session timeouts, half-wit.
Browsers work a little differently than desktop applications. And people

Do tell.
treat them the same and expect the same. So they think it's perfectly fine
to leave the browser open and go to break. Then come back in an hour and
expecting to continue their work.

Thanks for that. Apparently you didn't understand anything I said.

[snip]
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top