I'd like to use the SessionEnd event handler in the Global.asax to log out the users on my site.

As simple as one line... Response.Redirect("myLogoutPageURL")

However, in my informal tests nothing happened. The session did indeed time out, but that line of code never ran - the user (me) remained on the page where they timed out.

Is a redirect at session timeout possible? It will save me some coding later on, for sure. It will prevent forms from being submitted after a user has timed out, and saving incorrect user IDs along with the form data. I welcome your thoughts (as always).

Don't let your meat loaf.
-Colonel

- - - - - - - - - - - - - - - - - - - - - - -
In God we trust, everything else we test.

Hi there,

The SessionEnd will fire without access to the user's browser. Suppose a user browses your site and a new Session is created. After a while, the user leaves your site and closes the browser. 20 minutes later the Session will time-out. Now, how do you get access to your client? You can't. You can only send a Redirect instruction as a response to a request from the client.

What you could do is add a <meta> tag to the <head> section of your page that refreshes the current page 1 second after the session has timed out. That is, you'll need to set the Content attribute to the Session timeout (in seconds) + 1.

This way, right after the session timed out on the server, the browser will try to refresh the page, and then find that the Session has timed out.

Cheers,

Imar


---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

Thanks!

- - - - - - - - - - - - - - - - - - - - - - -
In God we trust, everything else we test.

sorry I cant get it can someone explain it....
Hello Imar,
did you mean we should refresh the page every for example 21 seconds?(even when its maybe closed by user?) or maybe I didnt get it correctly ...

--------------------------------------------
Mehdi.:)

The default session timeout is 20 minutes, so that would be 20 minutes + 1 second.

You cannot refresh a page from the client after the user has closed their browser.

The only thing you can accomplish with the method I suggested is that after the session has expired on the server, the page the user has been looking at for the past 20 minutes, automatically retrieves a new page from the server.

So, by adding a meta refresh tag, or some JavaScript, you can instruct the browser to retrieve a new page in 20 minutes + some seconds from now. The page could be something like ExpiredSession.asp so when it is requested, you know the user's session has expired. In that case, you can show them an instructive message, explaining why the session timed out etc.

If you add code like this to all your pages, most users won't notice it. Since the timeout has a sliding expiration time, when they request a new page, the next timeout time is 20 + some seconds from now.

Does this clarify things?

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

yes,most perfect answer,
could you guide me to make this tag(I'm not familiar with javascript)?
Thank you very much in advance.


--------------------------------------------
Mehdi.:)

You don't need JavaScript when you use the meta refresh tag.
Place the following in the head section of your page:

<meta http-equiv="refresh" content="2;url=YourNewPage.asp /">

or

<meta http-equiv="refresh" content="2;url=http://SomeServer.Com/AnotherNewPage.asp /">

to redirect the browser after 2 seconds.

With JavaScript, you can use SetTimeOut to load a new page automatically.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

my problem was due to I think when the page loads for the first time,from that time to 21(i.e) seconds later the page will go to the LogoutPage
I didnt consider when user pots back the page(through an event) at a time its again loaded and then if there is no request 21 seconds after the time its created it will go to LogoutPage ....
Thank you very much for your method.

--------------------------------------------
Mehdi.:)

However,
consider situations we use an explorer like MyIE or Opera that we could have many pages within them,and suppose a user has opened two pages(page1,page2)and for example our user just works on page1(not page2)then after 21 seconds page2 goes to LogoutPage while user are working on page1(executing some server-side events) ...
!?

--------------------------------------------
Mehdi.:)

First of all, and again, I don't think it'll be 21 seconds: it will be 1201 seconds, as the default time out is 20 minutes.

Secondly, it depends a bit on how you opened the second window. If the new window was opened using Ctrl+N, both windows will share the same session, because they share the same client side cookie with the second ID.
So, if on the page you're calling you check for a timed out session, the user can continue to browse with the second page, even if the first one requested the ExpiredSession.asp page.

But I am unsure what you're are trying to accomplish. We're having a theoretical debate about dealing with session time-outs, but I am unsure what you want, or what you want to use this for.

Can you elaborate a bit??

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: Suicidia ... In Questi Fieri Momenti (Ponchielli) by Maria Callas (Track 11 from the album: Maria Callas: The Voice Within the Heart) What's This?