tags:

views:

1730

answers:

3
+1  Q: 

How do I prevent resetting Session timeout when UpdatePanel's content is refreshed by a Timer event?

We have several pages in our ASP.net Ajax application which auto refresh the UpdatePanels contents based on a timer event but the problem is that we have a requirement to timeout the web session and the auto refresh is preventing that.

Is there a way to prevent the timer postback event from modifying the web session or any other alternate solution to allow the web session to timeout while auto refreshing the UpdatePanel contents?

Here is an example to illustrate this problem. I set the session timeout to 3 minutes and have a timer in the UpdatePanel that ticks every minute and modifies the contents of the UpdatePanel based on the current state. After logging in, I navigate to this page and do nothing for 5 minutes and then try and click on another page and I am still logged in since the session didn't time out.

+1  A: 

You may track the activity of the user on the client side. If there is no mouse move etc. you could log the user out using the Sys.Services.AuthenticationService class (part of Microsoft AJAX Library 1.0). You could pop a confirmation before you do the actual log out, so that the user may cancel it if he is present. When logged out you could pop a message to the user saying that he was automatically logged out because of inactivity.

How my solution would solve your scenario:

You set the session timeout to 3 minutes and have a timer in the UpdatePanel that ticks every minute and modifies the contents of the UpdatePanel based on the current state. After logging in, you navigate to this page and do nothing. After 3 minutes of no activity you pop a confirmation to the user asking him to cancel automatic log out using the Sys.Services.AuthenticationService. If the user still takes no action you log him out after a few seconds. You pop a "logged out message" that the user will see when he returns to the browser after 5 minutes. When he then click on another page he is not logged in.

knut  2009-04-21 00:31:41
Okay, I understand what you are saying but I was hoping for a simpler solution. To paraphrase, since the session is not timing out due to the Timer event postback, you suggest that I keep track of how long the user has been inactive relying on something other than session timeout. It could even piggyback on the Timer refresh event. My only concern is that it seems like I would end up having to manually handle session timeout.
Brian  2009-04-21 22:58:52
Sys.Services.AuthenticationService is part of Microsoft AJAX Library 1.0. It is a JavaScript library. So what I am saying is that you keep track of user activity on the client side. Mouse move etc... You log the user out with a JavaScript call to the logout function on the Sys.Services.AuthenticationService object.
knut  2009-04-21 23:07:33
For my case, invalidating the session would be required rather than using Sys.Services.AuthenticationService since the login mechanism is custom and based on the session. I believe I have a solution that does not involve any javascript which is preferable but I need to test it out. Thanks for your answer and comment as it got me to think about this problem in a new way that led to my proposed solution.
Brian  2009-04-21 23:37:00
A: 

hello , I am also having the same problem can you please let me know what solution did you find. Would really appreciate your help. Thanks Vij

 2009-07-17 11:23:37
A: 

I am also having the same problem... did anyone find a fix for this issue? I would really be happy...

NF  2010-02-23 10:24:55

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps