ansaurus

Question

How to implement session Time out page to show using asp.net mvc

Answer 1

A:

I believe it is seconds.

You won't have to worry about redirecting to the session timeout page if you use the authentication provider to deny non-anonymous users, when it times out and the previously logged in user tries to access a page, it'll redirect automatically.

Gabriel 2010-10-21 18:29:09

Thanks Gabriel, but how to display those Sesiontimeout page?thanks

kumar 2010-10-21 18:31:08

I believe you should rtfm. :) http://msdn.microsoft.com/en-us/library/1d3t3c61.aspx Either way, belief is best left out of programming. :)

bzlm 2010-10-21 18:31:11

Answer 2

A:

Make a counter in javascript and when the time-out is reached redirect the user.

Edit: As I understood your question you wanted to redirect to the page when a user has been inactive for too long yes?

Joakim 2010-10-21 18:31:07

THanks Joakim, can you please explain me in the code if you have please I am completly new to this kind of things, how to implement the count using javascript?

kumar 2010-10-21 18:32:00

@Joakim In the example in the question, the session timeout is 2 days. Even for a really cool web page, that's a long time to be inactive. :)

bzlm 2010-10-21 18:53:16

I agree that it's a long timeout, however the question is about client redirection in my eyes and not server redirection when the login timeout has been reached.

Joakim 2010-10-21 19:18:38

Answer 3

+3 A:

You can identify a session time out in MVC with an action filter. Here is a question I asked about the issue. And the time listed is in minutes. (check comments for link)

NickLarsen 2010-10-21 18:37:12

@NickLarsen According to MSDN, `timeout` *Specifies the time, in integer minutes*. http://msdn.microsoft.com/en-us/library/1d3t3c61(v=VS.80).aspx

bzlm 2010-10-21 18:40:54

@bzlm, Thanks for clarifying, I stopped using session time outs a while ago. Will update the answer.

NickLarsen 2010-10-21 18:43:03

@NickLarsen The value 2880 should give a hint. Why would the default be 48 minutes? :)

bzlm 2010-10-21 18:51:32

So can I use 30 instead of 2880?

kumar 2010-10-21 18:57:11

@Kumar, yes --- @bzlm, there are funny defaults all throughout the programming world, so it didn't set off any triggers :)

NickLarsen 2010-10-21 19:05:08

Answer 4

+1 A:

As Gabriel said, with FormsAuthentication the timeout will happen behind the scenes meaning your user will be asked to log in again if they access a page after the time has expired.

I would suggest looking into adding slidingExpiration="true" to your web.config.

Also, you might want to implement an automatic logoff so potentially sensitive data isn't left exposed once the timeout is reached.

I did this by calling window.setTimeout(myFunction, 30000) with each page load if the user was authenticated. That function uses JQuery ajax to hit an action that returns the amount of time left before the session expires. Once the amount of time goes below zero, you can redirect to a logoff action via JavaScript. Otherwise that method simply calls window.setTimeout(myFunction, 30000) again so it continues to check.

You can get fancier by adding a warning message and allowing the user to click a button that uses JQuery ajax to hit an action that resets the timer.

Mayo 2010-10-21 18:37:33

ansaurus

tags:

views:

answers:

How to implement session Time out page to show using asp.net mvc

related questions