asp_web_howto thread: Session Timeout


Message #1 by "Harry Verstandig" <hverstandig@g...> on Tue, 17 Apr 2001 21:02:16
In our web application, if a user session times out, the user is
automatically bumped to the login page (index.asp).  I want to be able to
trap the timeout to put a user friendly message on the login page, to let
the user know why he/she is back there. Not sure if this is relevant, but
we initialize Session vars in our Global.asa, set the start page there,
and set the session.timeout value there. There is no Session_OnEnd proc.
We're on IIS4.  I tried putting the message and a Response.redirect to the
login page in an include file (which I added to every page except the
login page), but that did not fire.  Anyone have any experience with this
or any ideas how best to do it?

Message #2 by "Ken Schaefer" <ken@a...> on Wed, 18 Apr 2001 13:54:13 +1000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: In our web application, if a user session times out, the user is
: automatically bumped to the login page (index.asp).  I want to be able to
: trap the timeout to put a user friendly message on the login page, to let
: the user know why he/she is back there. Not sure if this is relevant, but
: we initialize Session vars in our Global.asa, set the start page there,
: and set the session.timeout value there. There is no Session_OnEnd proc.
: We're on IIS4.  I tried putting the message and a Response.redirect to the
: login page in an include file (which I added to every page except the
: login page), but that did not fire.  Anyone have any experience with this
: or any ideas how best to do it?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Why not put a:

<meta http-equiv="refresh">

tag on each page, with the redirect period set to the session timeout
period, and have the redirect point to whatever page that you want to
display to people who have logged out?

Cheers
Ken


Message #3 by "Peter Lanoie" <planoie@e...> on Tue, 17 Apr 2001 19:26:54 -0400
How are you automatically bumping the user to the login page?
If you are using a redirect you could add an argument to that redirect,
something like "login.asp?Timeout=1" then on login, you could just test for
this argument, and if it's there, display the message.

HTH,
Peter






Message #4 by "Harry Verstandig" <hverstandig@g...> on Wed, 18 Apr 2001 19:04:55
Thanks for the response, Peter. Users are getting redirected back to the
login page via this code that is located inside the Session_OnStart in the
Global.asa:

startPage = "/index.asp"
currentPage = Request.ServerVariables("SCRIPT_NAME")

'**** Do a case insensitive compare, and if they
'**** don't match, send the user to the start page.
If strcomp(currentPage,startPage,1) Then
    Response.Redirect(startPage)
End If

My understanding is that the Session_Onstart is fired regardless of whether
the user is just logging in, or on an expired timeout - and you can't tell
which it is. So that seems to preclude adding an argument to that
redirect. I don't want to take this code snippet out, so that a user can't
accidentally (or otherwise) start into the app without logging in.

I did not think about Ken's idea of using the Meta tag with a refresh on
the timeout time and then a redirect. Perhaps that will work OK.

Harry




Message #5 by "Peter Lanoie" <planoie@e...> on Wed, 18 Apr 2001 20:01:45 -0400
Session_onStart gets called only when a new session is starting.   What you
probably want to try is this:

Every page calls a function (or include file) that checks for a valid
session.
If the session check is invalid (i.e. not a valid user, or a timeout, which
you might have to determine yourself) you redirect them with an argument in
the querystring.

If the user has an expired session, and you don't have any other way of
telling that they are a "returning" user (i.e. making a successive page
request but just waited too long), then there's no easy way of determining
that they "timed out".  If you have a cookie or something else that can
persist longer than the session, then in the Onstart routine, you could
check that piece of data and use it to determine that the session being
started is for a person who did actually time out, and not a brand new user.
Then you could tack on the "You timed out" flag argument onto the URL.

For an application whose pages can (or at least should) only be accessed
during/through a current session, you could make the assumption that a
failing session check is a user who has timed out, and redirect accordingly.

Hopefully I haven't confused you more. :)



Peter
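
Added example, not part of the original thread or any poster's code: the marker-cookie idea from Message #5 applied to the Session_OnStart redirect from Message #4, with the login page treating Timeout=1 as a display hint only. The cookie name SeenLogin, the Subs MarkLoggedIn and ClearLoginMarker, and Session("UserID") are assumptions made for illustration.

```asp
<SCRIPT LANGUAGE="VBScript" RUNAT="Server">
' ===== Global.asa =====
Sub Session_OnStart
    Dim startPage, currentPage
    startPage = "/index.asp"
    currentPage = Request.ServerVariables("SCRIPT_NAME")

    ' A new session that begins on the login page needs no redirect.
    If StrComp(currentPage, startPage, vbTextCompare) = 0 Then Exit Sub

    ' New session on an inner page: the marker cookie (assumed name) outlives
    ' the server session, so finding it means an earlier login expired.
    If Request.Cookies("SeenLogin") = "1" Then
        Response.Redirect startPage & "?Timeout=1"
    Else
        Response.Redirect startPage
    End If
End Sub
</SCRIPT>

<%
' ===== index.asp (login page), top of file before any output =====
Dim showTimeoutNotice
' Display hint only: compare against a constant, never echo the query string.
showTimeoutNotice = (Request.QueryString("Timeout") = "1")

' Call after the application's own credential check has succeeded.
Sub MarkLoggedIn(userId)
    Session("UserID") = userId              ' the session stays the only proof of login
    Response.Cookies("SeenLogin") = "1"     ' no Expires: kept until the browser closes
    Response.Cookies("SeenLogin").Path = "/"
End Sub

' Call from the logout handler so a deliberate logout is not reported as a timeout.
Sub ClearLoginMarker()
    Response.Cookies("SeenLogin") = ""
    Response.Cookies("SeenLogin").Path = "/"
    Response.Cookies("SeenLogin").Expires = DateAdd("d", -1, Now())
    Session.Abandon
End Sub
%>
<% If showTimeoutNotice Then %>
<p>Your session timed out. Please log in again.</p>
<% End If %>
```

The marker carries no identity and grants no access; anyone can set it or add Timeout=1 to the URL, and the only effect is the fixed notice text.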


