473,237 Members | 1,374 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,237 software developers and data experts.

URGENT : ASP .NET cookieless session timeout

Hi

I am a little stuck. I have a web app which uses cookieless session
management. I would like to inform a user when their session has
ended but cannot work out how to implement. I thought of placing a
redirect into the Session_End method in the global file but this does
not work.

To my understanding a session will end when it has been idle for the
time specified in the web.config file. The user may still have the
browser open and decide to continue using the site after the session
has ended because they are not aware that the session has actually
ended. I would like to inform them that their session has ended once
they submit their next request and give them a set of options and or
messages.

PLEASE HELP. This is kind of urgent.

Thanks

Tecknickal
Nov 18 '05 #1
4 4879
Nick wrote:
Hi

I am a little stuck. I have a web app which uses cookieless session
management. I would like to inform a user when their session has
ended but cannot work out how to implement. I thought of placing a
redirect into the Session_End method in the global file but this does
not work.

To my understanding a session will end when it has been idle for the
time specified in the web.config file. The user may still have the
browser open and decide to continue using the site after the session
has ended because they are not aware that the session has actually
ended. I would like to inform them that their session has ended once
they submit their next request and give them a set of options and or
messages.

PLEASE HELP. This is kind of urgent.

Thanks

Tecknickal


This seems to be a "frequently asked question".

No, you can't redirect from Session_End, because a redirect needs
a Request to redirect and Session_End is not started by a request.
You can't just "push" a redirect to the browser because you also have
no way to know if that browser is still open, and showing your page.
(The user might have closed his browser or navigated to some other site)

There are two things you can do:
- use a <meta http-equiv=refresh> to redirect the browser to a "you are logged out"
page, after the timeout should have expired.
- on every request, check specific session variables. If they don't exist it's
either a new user or an expired session.

Hans Kesting
Nov 18 '05 #2
Hi Hans

Thanks for the quick reply. When you say :

use a <meta http-equiv=refresh> to redirect
the browser to a "you are logged out" page,
after the timeout should have expired.

How do I go about doing this? How do I know when the timeout should have
expired? Isn't the timeout used to timeout sessions when they have been
idle for the set amount of time?

You also stated :

on every request, check specific session
variables. If they don't exist it's either
a new user or an expired session.

I was thinking of setting the sessionId as a hidden form variable within
every form. Since ASP .NET creates a new session automatically if the
previous session does not exist. That way I can check to see whether
the hidden sessionId on the form is equal to the current sessionId, if
not, it has expired or something similar.

Do you think this is a good idea?

Thanks

Tecknick


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 18 '05 #3
teck nickal wrote:
Hi Hans

Thanks for the quick reply. When you say :

use a <meta http-equiv=refresh> to redirect
the browser to a "you are logged out" page,
after the timeout should have expired.

How do I go about doing this? How do I know when the timeout should
have expired? Isn't the timeout used to timeout sessions when they
have been idle for the set amount of time?

The counter starts when the last (current) page has been sent to the browser.
You know that the server-side timeout is 20 minutes (or whatever you changed it into).
Then you can set the refresh-timeout to the same timespan (or slightly more).
As you don't change that timeout often (I hope), you could hardcode this
into your aspx page.
Note: refresh uses a timeout in seconds.
You also stated :

on every request, check specific session
variables. If they don't exist it's either
a new user or an expired session.

I was thinking of setting the sessionId as a hidden form variable
within every form. Since ASP .NET creates a new session
automatically if the previous session does not exist. That way I can
check to see whether the hidden sessionId on the form is equal to the
current sessionId, if not, it has expired or something similar.

Do you think this is a good idea?

Form variables work only when there is a postback. A click on a link
will not send the form variables (or a viewstate). I was thinking more
along the lines of a "isloggedin" session variable. If that isn't present, then
it's a new session.
I wonder, if you use cookieless sessions, can you read the original session-id
from the querystring?

Hans Kesting
Thanks

Tecknick

Nov 18 '05 #4
Hi Hans
Thanks again for the reply. The meta refresh would be great except if
javascript is disabled then the refresh would not occur. I have decided
to use the Session.isNewSession object.

When the user hits the first page this property should be set to true
indicating that a new session has been created. If they are on the
first page of my site and this is true, that is ok. If they are on a
page other than my first page and this is set to true then I know that
either their session timed out or that they landed on the page first
before starting at my start page. In both cases, I will display a
message to inform them of this a redirect them to the start up page.

Thanks for you help and ideas.

Tecknickal
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 18 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: JJ | last post by:
Hi, I really need to use cookieless ASP sessions with ASP 3 (IIS5) Can I find out the session ID from the first page, then post it or send it with the url to the next page, then at the start...
7
by: Thaynann | last post by:
I am developin an application that access a web site, i can get to the first page of the site, but when i POST to get to other pages, it gives me a message (amongst the HTML code) "Session Timed...
3
by: Carpe Diem | last post by:
Hello I have an aspx page that loses Session("user") value after a few minutes even after I set <sessionState mode="InProc" cookieless="false" timeout="300"> in web.config and wrote function...
10
by: Anthony Williams | last post by:
Hi gang, This one looks like a bug :o( As you may or may not know, setting session management in web.config to use cookieless sessions causes the ASP.NET runtime to munge a session ID into...
17
by: jensen bredal | last post by:
Hello, i'm struggling with a somehow badly understood session scenario. I provide acces to my pages based on form authentication using Session cookies. Som of my pages are supposed to be...
0
by: vickeybird | last post by:
Hi, My current application requires me to use HTTPS and Cookieless Sessions. Ive just implemented HHTP Handler to redirect all http request to https as described by Matt Sollars at...
5
by: Yoshitha | last post by:
HI i've asp.net aplication and it is working fine in all systems but when i uploaded it into clients server and trying to run the aplication then i'm getting the following error Server...
0
by: Calvin KD | last post by:
Hi everyone, I need help urgently. I have a C#.Net app which uses cookies for state management. Everything has been going fine until recently we've expanded the app and a few more screens were...
5
by: Mugs321 | last post by:
Hi all, I'm having a problem with extending Session Timeouts... hopin someone can help.. This is the line under my <system.web> tag in my web.config: <sessionState mode="InProc" timeout="45"...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.