TIP: Redirecting when session expires

jimibt · September 25th, 2007, 11:25 AM

Caught the following idea while looking for something else and thought i'd share it here.

Bascally, when a session expires, it's good practice to redirect to a 'safe' page that let's the user know that both the seesion has expired AND that any personal info is not on display.

to this end, the following can be added to the template.master.cs file:

        protected void Page_PreRender(object sender, EventArgs e)
        {
            HttpContext.Current.Response.AppendHeader("Refresh ",
                Convert.ToString(((HttpContext.Current.Session.Tim eout * 60) - 5))
                + "; Url=default.aspx?timeout=true");

        }

obviously, the value Url=default.aspx?timeout=true would be that of an informational page or (as i've done) a parameter added onto the default.aspx page that when opened diplays the 'information' panel.

just so you know :)

also, the more discerning among you will twig to the idea that the same kind of logic (appending a response header) could be applied to the AddEditPost.aspx form to redirect to the 'urlreferer' after 5 seconds or so once a post has been added/amended!!

jimi

http://www.originaltalent.com

englere · October 25th, 2007, 12:39 AM

Cool idea. Now for the hard part: how can we alert the user a minute before the session expires and allow him to click to keep the session alive? I've seen that done on some sites but I have never done it myself.

Eric

ViagraFalls · October 25th, 2007, 12:53 AM

That sounds as if there's either a windows service or a web service "pushing" an event to the client... Do you have any idea what site it was? I'd like to see that in action, just to have a peek :)

http://entropia-online.blogspot.com/

Maxxim · October 25th, 2007, 04:07 AM

the session expire after the user spend some time idle from the site right?

So... If he is idle, he probably doesn't read any alert!!

But if you really want to do that, you can use javascript. Everytime you make one request you reset the counter, and when the Timecounter reach the timeSessionminutes - 1 then display the alert.

englere · November 16th, 2007, 01:39 AM

We have users who have our web app running most of the day. Sometimes they switch windows to work in Excel, Word, Outlooks, etc, but the web app is still open in the background. I want to pop up a new window over the top of whatever they're doing to give them a chance to keep their session alive. Maybe the JavaScript can go in the master page? JavaScript is one of my weaknesses, I'm afraid.

Eric

zaghmout · November 16th, 2007, 05:42 AM

Great idea man... I love it :)

Nothing is impossible. The impossible only takes longer. "Digital Fortress, Dan Brown"