There are various ways to handle session timeouts, like "meta refreshes", JavaScript onload functions, etc.

I would like something neat like: 5 minutes before timeout, warn the user...

I am also contemplating keeping the session open for as long as the browser is open (still need to figure out how to do it though... probably some iframe with refreshing).

How do you handle session timeouts, and what direction do you think I should go in?

A: 

The only thing I can think of is to generate some script on the page that creates a client timer, so that when the page is received and rendered, it can show an alert X minutes later (that is, 5 minutes before expiry).

If you'd rather have the session just keep itself alive, you can do this with a generic handler (ASHX) that you periodically call via AJAX. This will help refresh the session and it should stay alive for as long as the AJAX calls continue.

Example "keepalive.ASHX":

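<%@ WebHandler Language="C#" Class="keepalive" %>

using System;
using System.Web;

public class keepalive : IHttpHandler
{
    public void ProcessRequest(HttpContext context)
    {
        // Never let the browser or a proxy answer the keepalive from cache,
        // otherwise the request does not reach the server.
        context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
        context.Response.ContentType = "application/json";

        var thisUser = System.Web.Security.Membership.GetUser();

        // Encode the user name so quotes or backslashes in it cannot break the JSON.
        if (thisUser != null)
            context.Response.Write("[{\"User\": \"" + HttpUtility.JavaScriptStringEncode(thisUser.UserName) + "\"}]");
    }

    public bool IsReusable
    {
        get { return false; }
    }
}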

And here's the script on the page to call it (with jQuery for simplicity):

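<script type='text/javascript'>
    // Ping the handler; the error callback fires if the request fails.
    function keepAliveInterval()
    {
        $.ajax(
        {
            url: "keepalive.ashx",
            cache: false, // add a cache-busting parameter so every call reaches the server
            context: document.body,
            error: function () {
                alert("AJAX keepalive.ashx error :(");
            }
        });
    }

    $(document).ready(function () {
        // Pass the function itself rather than a string, which would be eval'd.
        window.setInterval(keepAliveInterval, 60000);
    });
</script>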
Codesleuth
@Codesleuth From the moment you call keepalive.ashx, the session of the user is updated... (or not?)
Aristos
I'm not 100% sure how handlers work, but how does this keep the session open? Would creating a web service and calling a function via JavaScript every 5 minutes do the same trick? If so... what are the drawbacks?
Dusty Roberts
@Aristos: Yep, but if it has expired for some other reason, the error alert will tell the user (i.e. did they log out in another tab/window?)
Codesleuth
@Codesleuth Your code is also a good idea, and yes, it gives one more piece of information that can be helpful.
Aristos
+1  A: 

The best approach to handle session timeouts.

I say that there are 2 basic cases.
One is when the user enters little or no data, and just reads reports, or does small things with his mouse. In this case there is no easy way to inform him that the session is going to expire, because maybe there is a second window or tab open that keeps the session alive, so the message is false, or if you try to check it, you automatically update the user's session... so just let it expire, no big deal.

The second is when the user needs to enter a lot of data, which can sometimes take time, a long text for example, to write it and fix it. In this case I use the technique below and I do not let the session time out.

How to keep the session open as long as the browser.

Here is a very nice and simple technique: I use an image that I reload with JavaScript before the session times out.

<img id="keepAliveIMG" width="1" height="1" src="/img/ui/spacer.gif?" /> 

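<script language="javascript" type="text/javascript"> 
    var myImg = document.getElementById("keepAliveIMG");

    if (myImg){
        // Re-request the image with a new random query string on every tick,
        // so the browser cannot serve it from cache.
        window.setInterval(function(){
              myImg.src = myImg.src.replace(/\?.*$/, '?' + Math.random());
            }, 6000);
    }   
</script> 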
Aristos
I like this approach, but you'd have to make sure the caching on the image isn't set, and that the folder security isn't just set to anonymous in the config. One downside is that if the session *did* expire, there's no way of the page warning the user, unless you set an `onerror` event.
Codesleuth
@Codesleuth If you look more closely at the code, you will find that I put a random number on the end of the image, so it is not cached. This code was tested among 4 other ways and is live even now, and it's working :)
Aristos
Yeah, this seems like a neat way to keep the session open. Waaaay better than my initial thought of iframes.
Dusty Roberts
@Aristos Ah, so it does :) Good job there. Personally, I think I'll stick to my own keepalive AJAX calls, just because I can return information along with it for status updates too (system alerts :D )
Codesleuth
A: 

Use some jQuery that keys off your session timeout variable in the web.config. You can use this jQuery delay trick so that when a specific time occurs (x number of minutes after load of the page), it pops up a div stating session timeout in x minutes. Nice, clean and pretty simple.

Regarding session timeout, Codesleuth's AJAX call would be perfect.

asp316
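
The warning timer and the keepalive call from the answers above can be combined into one client-side monitor. The following is an added example, not code from any of the answers; it goes beyond them by pinging only after real user activity and by enforcing an absolute lifetime, so an unattended browser still reaches the idle timeout. The function names, the `#session-warning` element and the 20/5/480-minute values are assumptions.

```javascript
// Added example; every name and the 20/5/480-minute values are assumptions.
const MIN = 60 * 1000;

function createSessionMonitor({ startedAt, timeoutMs = 20 * MIN,
                                warnMs = 5 * MIN, maxLifetimeMs = 480 * MIN }) {
  let lastServerTouch = startedAt;  // last request that slid the server timeout
  let lastUserActivity = startedAt; // last keyboard/mouse event in this tab
  let serverSaysExpired = false;
  return {
    recordActivity(now) { lastUserActivity = now; },
    // ok=false means the keepalive came back as an error or a login redirect.
    recordPing(now, ok) {
      if (ok) lastServerTouch = now; else serverSaysExpired = true;
    },
    // Decide what the page should do at time `now`.
    tick(now) {
      if (serverSaysExpired || now >= lastServerTouch + timeoutMs ||
          now - startedAt >= maxLifetimeMs) return "expired";
      // Ping only when a person was active since the last server contact,
      // so an unattended browser still reaches the idle timeout.
      if (lastUserActivity > lastServerTouch) return "ping";
      if (now >= lastServerTouch + timeoutMs - warnMs) return "warn";
      return "ok";
    },
  };
}

// Browser wiring (skipped outside a browser). "keepalive.ashx" is the handler
// from the first answer; the #session-warning element is hypothetical.
if (typeof document !== "undefined") {
  const monitor = createSessionMonitor({ startedAt: Date.now() });
  const banner = document.getElementById("session-warning");
  for (const evt of ["keydown", "mousedown"]) {
    document.addEventListener(evt, () => monitor.recordActivity(Date.now()));
  }
  const timer = setInterval(() => {
    const action = monitor.tick(Date.now());
    if (action === "ping") {
      fetch("keepalive.ashx", { cache: "no-store", credentials: "same-origin" })
        .then((res) => monitor.recordPing(Date.now(), res.ok && !res.redirected))
        .catch(() => {}); // network error: leave state alone, retry next tick
    } else if (action === "warn" && banner) {
      banner.textContent = "Your session will expire soon.";
    } else if (action === "expired") {
      clearInterval(timer);
      if (banner) banner.textContent = "Your session has expired. Please sign in again.";
    }
  }, MIN);
}
```

The monitor only sees activity in its own tab, so a second tab can still slide the server-side session without this tab knowing; the warning is then early rather than late.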