Timeout?

budman · June 3rd, 2004, 10:57 AM

When an application times out, what variables should be cleared for the user to log in again without having to close the browser?

The reason I'm asking is I have an app that has been set to timeout the user, but when logging back in, it does not correctly redirect to the page where the user was before he got logged out.

I have a feeling that this is because the server is accessing cached variables/information and I'm not sure how to fix it.

Any ideas?

DaveGerard · June 3rd, 2004, 11:18 AM

How about inserting something like this into the top of your page. Or maybe an SSI that you can include at the top of your pages.

<%
response.buffer = true

'--redirect to login if session is expired--
if Session("MySession") <> Session.SessionId then
Session("MySession") = Session.SessionId
response.redirect "Login.asp"
end if
%>

Only make sure you are redirecting to the correct page. As far as directing the user to the page he timed out at you could try setting a cookie when they enter a page that has the page info and then retrieve those page values after you have authenticated them.

That help?

Dave

budman · June 3rd, 2004, 11:50 AM

Quote:

quote:Originally posted by DaveGerard
As far as directing the user to the page he timed out at you could try setting a cookie when they enter a page that has the page info and then retrieve those page values after you have authenticated them.

That help?

Dave

It might. Would there be any other way to retrieve the page info? Say, somehow connect the old session id (the arbitrary one issued by the server to keep track of session variables) to the new session id?

Actually now that I think about it, I think it has something to do with the database connections, since they depend on information established during login.

mat41 · June 3rd, 2004, 06:42 PM

To end a session immediately, you may use the Abandon method:
<%
Session.Abandon
%>

To remove all variables in a session, use the RemoveAll method:
<%
Session.Contents.RemoveAll()
%>

To remove a session var:
<%
Session.Contents.Remove("varName")
%>

My Opinion: Cookies should remain something you eat. Advances in server side code have left you very few occasions when you may need to use them Eg 'tick this box to remember my log in details'. Using cookies inhibbits the portability of your web pages. Use then but dont rely on them. If you do rely on them, you are restricting your viewable audience.

Have you got your time out set to less than the default 20 mins? if so, you are restricting your users from making a cofee and being able to come back to your web page to continue thier experience on your site. A personal turn off for me

Lastly, it's mostly frugal people who say session vars are bad and exhaustive on resources, true they are but - there are things you can do to make the use of them effectivly, i'll let you research that one (EG clear them once youve finished with them)
Solution, instead use:
a.. Constants
b.. hidden form variables
c.. Querystrings

Wind is your friend
Matt

DaveGerard · June 4th, 2004, 05:30 PM

You could put together some code that would write the page path (Query String) to a table and date it. You would also need to write their UserId. Then upon re-logging in you would query the last page that user accessed and send them to it. The code could be an SSI (include file) that you include in the top of each page (or parent page if using includes already). That way you only need write it once.

Dave