views:

148

answers:

3

I'm working on a website powered by .NET asp/C# code. The clients require that sessions have a 25 minute timeout. However, sometimes the site is used, and a user stays connected for long periods of time (longer than 25 mins). Session_End is triggered:

protected void Session_End(Object sender, EventArgs e)
{
    Hashtable trackingInformaiton = (Hashtable)Application["trackingInformation"];
    trackingInformaiton.Remove(Session["trackingID"]);
}

The user returns some time later, but when they interact with the website, they get an error, and we get this email notification:

User: Unauthenticated User

Error: System.Web.HttpException

Description: Failed to load viewstate. The control tree into which viewstate is being loaded must match the control tree that was used to save viewstate during the previous request...

The telling part of the stack trace is System.Web.UI.Control.AddedControl. Apparently, the server has thrown away the session data, and is sending new data, but the client is trying to deal with old data. Hence the error that "the control tree into which viewstate is being loaded [doesn't] match the control tree that was used to save the viewstate during the prevoius request."

So here's the question. How can I force instruct the user's browser to redirect to a "you're logged out" screen when the connection times out? (Is it something I should add to the Session_End method?)

+2  A: 

I think you'll need to use some client-side script to do this. Despite the fact that Session_End fires, the web server can't actually communicate a Session timeout message to the browser without the user first performing some action (i.e. sending a request.) So you'll have to have some timed client side script initiate that.

LesterDove
+1  A: 

something like javascript's setTimeout function.

e.g. in page onload function

setTimeout("redirect()", 1500000); //25 minute timeout

if you have any AJAX on your page, you should clear the timeout and start it over again when your new content loads.

Chad
+1  A: 

Even simpler is to use the Html meta tag "refresh". The following line will fire 5 minutes after the page was loaded:

<meta http-equiv="refresh" content="300;url=http://domain.org/Logout.aspx" />

Maybe this is what you need.

Flynn
+1 This is probably the simplest option. Thanks.
Dan