Hi

I have a site that uses lots of ajax (jquery). Now if the user times out for whatever reason (walked away for 30 mins or something), on their next action I want them to be returned to the login page.

I set up everything in the webconfig (returnUrl and timeout), and if they try to go to a page they have no permission to go to, they get sent to the login page.

However, I have the authorize tags on the methods in my controllers that are used for ajax requests. So if a user times out they are no longer authenticated, but they might be on a page that needed authentication since they logged in and walked away.

Now they could go and try to save something at this point that would do an ajax request. The authorize tag will stop them from doing this since they will fail authorization and the return url will kick in.

However, even though the return url seems to be sent back to them, they are not redirected to the signin page. So I am guessing since all this stuff is ajax, that's why it is not working properly. So is there a way I can fix this?

+1  A: 

Run a client-side function every 30 seconds using setTimeout, which should ask the server via AJAX if the session has been timed out. If it has, the client-side code could toss out any login cookie and redirect to the login page.

You can either hard-code the login url into the client-side code, or have the server handler return the value from the web.config if it needs to timeout.

This still leaves the possibility that the user could try something in the 0-30 seconds between when the user actually times out and the client side code does its request to check. To prevent this as well, have the server send back the amount of time left in the session, that way your client-side code can make the decision to either check back again sooner, or do the client-side redirect before the server-side drop-dead time.

David
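
The polling scheme this answer describes, as an added JavaScript example that is not part of the original answer: the server reports the time left and the client either schedules its next check or redirects before the cutoff. The `/session/remaining` endpoint, its `secondsLeft` field and the `/Account/LogOn` URL are hypothetical, and the endpoint is assumed to always answer with JSON and not to reset the session timeout itself.

```javascript
// Added example. Hypothetical names: GET /session/remaining returning
// {"secondsLeft": N} (without renewing the session), login page at /Account/LogOn.
const POLL_MS = 30000;  // regular check interval (30 seconds, as in the answer)
const MARGIN_MS = 5000; // leave the page this long before the server's cutoff

// Decide the next step from the server-reported time left. The server's value
// wins over any client-side clock or activity timer.
function nextAction(secondsLeft, pollMs = POLL_MS, marginMs = MARGIN_MS) {
  const leftMs = Number(secondsLeft) * 1000;
  // Missing, malformed or nearly expired: treat the session as gone.
  if (!Number.isFinite(leftMs) || leftMs <= marginMs) return { type: "redirect" };
  // Session ends before the next regular poll: check again just before the margin.
  if (leftMs - marginMs < pollMs) return { type: "poll", delayMs: leftMs - marginMs };
  return { type: "poll", delayMs: pollMs };
}

// Poll loop; the dependencies are injected so it runs in a browser or in a test.
function startSessionWatch({ fetchRemaining, redirect, schedule = setTimeout }) {
  async function check() {
    let action;
    try {
      action = nextAction(await fetchRemaining());
    } catch (err) {
      // A network failure tells us nothing about the session: retry later.
      action = { type: "poll", delayMs: POLL_MS };
    }
    if (action.type === "redirect") redirect();
    else schedule(check, action.delayMs);
  }
  return check();
}

// Browser wiring (skipped when there is no window, e.g. under Node).
if (typeof window !== "undefined") {
  startSessionWatch({
    fetchRemaining: () =>
      fetch("/session/remaining", { credentials: "same-origin" })
        .then((r) => r.json())
        .then((body) => body.secondsLeft),
    redirect: () => { window.location.href = "/Account/LogOn"; },
  });
}
```

The redirect only improves the user's experience; the authorize check on each controller method is still what decides whether a request is allowed.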
Could you write me a short sample code? I am not sure how to make it run every 30 seconds nor what setTimeout is. Is this a jquery function? A javascript function?
chobo2
Hi Chobo, Rasik again... Here is the link for sample code on Auto Logout written by my friend and colleague... take a look at it: http://www.firozansari.com/2009/05/15/implementing-auto-logout-functionality/
Rasik Jain
This could hammer the server if there are more than a few people using it.
David Kemp
The link provided by Rasik Jain is good, although it is worth noting that it assumes that the client-side is authoritative on when it is time to force logout. If the server needs to be authoritative, then there could still be a problem if client and server disagree. Of course, on the server side, you can (and should) always check to see if the login is still valid before doing something as a result of client action.
David
I am not sure I follow you, David. I am not sure how the client and server could disagree, and even if they do disagree I would take whatever the server says since it does check the user's credentials every time it hits the server. So could you maybe explain what you mean in more detail? Thanks.
chobo2
@Rasik Jain, Hey again. I tried your friend's script but I am having problems with it. I set my timeout for 2 mins and a warning at 1 min but it seems to never work that way. What seems to happen is that about 3 seconds before the auto logout should happen is when you see the 1 min warning message. Of course it flies by so that you can see it. I think your friend's script is good and he probably should make it into a jquery plugin. The only thing that concerns me is this. Say a user has no activity for 9 mins and logout on server and from the script is 10 mins. The user comes back and moves the mouse
chobo2
on my webpage, resetting the client side page. However, if he does not do anything in that one min that hits the server he will be timed out. So that's what concerns me about this way.
chobo2
+1  A: 

You need to check the Ajax error for a 403 response

David Kemp
I don't get "403" errors. I get 200 OK back.
chobo2
Well, actually it seems that I get 200 OK back, but if I set up a jQuery Ajax.Error it goes to the error method. But I am not sure how to check if it is a 403 error.
chobo2
Also, if this would work, it would only fix half of the problem. I have ajax tabs, and what happens is, if the authentication fails, it loads the signin page into the tabs.
chobo2