views:

60

answers:

1

Hello everyone,

I have an ASP.NET MVC2 web application that uses InProc sessions to store the logged in user's ID. In the controllers, I am using a custom AuthorizeAttribute to check the Session for a valid ID.

I am also using TempData within my controllers after a GET->POST->REDIRECT to display confirmation messages. For example, when the user logs out, my Logout() controller action clears the Session, sets a TempData["Message"] and redirects to the Login() action. The Login() action then displays any TempData["Message"] that isn't null.

TempData["Message"] = "You have successfully logged out.";

My question (finally) is as follows. I would like to be able to redirect the user to the Login() action if the Session times out, as opposed to the user logging out.

TempData["Message"] = "You have been logged out due to inactivity.";

I am not sure if 1) the use of the TempData collection is appropriate in this scenario or 2) where the appropriate place to handle this would be.

I would like to keep within the MVC guidelines / best practices as much as possible, so it seems that using the Session_End in some ugly fashion is not the way I would want to go. I would like to avoid passing in a ?timeout=true in the query string as well.

Any thoughts?

A: 

There's nothing you can do on the server when a session expires because the browser is not connected to the server all the time.

I would create a javascript function that refreshes the page a short time after your sessionperiod has expired.

ZippyV