views:

795

answers:

4

I am wondering if I can handle a session timeout event. I need to make a function call to my function right before session timeouts or user left my page, or closed browser window. The most important part here is to have access to everything stored during the session, session variables.

+4  A: 

Take a look at the Session_End() method in global.asax. The global.asax file should already be wired to call this method when the session ends. You can just put your code in there however you'd like.

 Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
  ' Fires when the session ends
 End Sub

Of course, you should note that the session is entirely a server-side thing. It'll only end after X minutes of inactivity (20 minutes is the default). It will not end the instant the user closes the window. ASP.NET has no knowledge of a user closing a window or leaving your page.

And in fact, it's tricky to try to perform any immediate action on the server-side when this happens. I mean, it's easy to call window.onbeforeunload in Javascript and bring up a confirm box before the user closes the window. But when you try to send a packet to the server immediately before the window actually closes, I think you'll find that it becomes a difficult task to make this all user-friendly. You could write some Javascript that sends a message to the server using AJAX which notifies the server that the user is closing their browser, and then use more Javascript to close the browser after that message has been sent. But then the user will get the annoying message (in most browsers) stating that a script is trying to close the window. This will look very amateur-ish to the user and may make them think twice about coming back.

So if you're willing to put up with a delay, I'd just avoid this whole Javascript mess entirely and rely on a pure server-side solution using Session_End(). After all, if a user closes the window or leaves, ASP.NET will eventually notice because the session will timeout.

Steve Wortham
However, you should be aware that not all Session State Providers support the Session_End event. InProc session state should be fine, but for others you'll need to check the provider documentation before you rely on this event.
Joel Mueller
Good point. I don't believe it'll work for StateServer or SQLServer sessions.
Steve Wortham
fyi - my javascript comment was in response to david's comment that it's hard and ugly 'to pop up a message reminding a user to save before they leave the page' - it isn't. i wasn't suggesting it as a solution for handling session_end. that would be mental.
flesh
Thanks, I was aware of global Session_End function, I just wasn't sure it is working with timeouts and holds variables of expired session. JavaScript solution is very ugly, indeed.
negative
+1  A: 

The web is stateless so you're not going to know whether the user has closed the browser window. You can use the 'Session_End' event in the global.asax file for session timeouts. If you want access to all sessions, you can store them in a collection via the 'Session_Start' event, also in the global file ..

Edit: If you want to intercept the close event of a page using javascript, here's how (note, this is unreliable):

window.onbeforeunload = closeIt;

function closeIt(){ 


  return "You have unsaved changes. Are you sure you want to leave this page?";

}
flesh
It is important to remember a web site is NOT a windows program. For example it is very difficult to pop up a message reminding a user to save before they leave the page. It is possible, but not easy and typcially very ugly.
David Basarab
David - no it isn't difficult and it's only as ugly as a windows dialog.
flesh
I think it is ugly because you can't control the way the message box looks. For instance in windows you can at least style it to look the same. You could have a great looking site then here is the ugly message box.
David Basarab
I agree it would be nice to have the ability to style it the dialog, but Stackoverflow uses it, and it never offends me, it's so common as to be transparent to most users ..
flesh
+2  A: 

Session_end will handle the session time out issue. However, this will not fire when the user closes the browser or moves to a different URL. It waits until the session timeout expires.

In order to detect the other conditions, you'll have to use javascript on the client. However, these methods aren't always reliable depending on the browser/version, etc. Also if the user's computer shuts down, is unplugged, or they otherwise completely go away this script won't fire.

You might consider other alternatives. What exactly are you trying to accomplish with this function?

Chris Lively
A: 

You could have a basepage which is inherited by every aspx page & in your base page init event just check for a session variable for nothing. If it is nothing then it means session has expired and you can redirect user to a login page.

SoftwareGeek