MVC5 SESSION EXPIRATION

Question

User-1569093213 posted

How To clear Session if my application is idle for 30 minutes....i have to provide the timeout value dynamically.....not hard coated value...if user is not using up the application then my applicaion will redirect to login page by clearing all the session of all application in mvC 5..i am using mvc5 and angular js...

So how can i do that..

Thanku

Answer 1

User-1923420989 posted

 try the below way it is good one.

http://www.codeproject.com/Articles/227382/Alert-Session-Time-out-in-ASP-Net

you could keep the timeout and alert time in web.config so that anytime you could go and change ( somehow dynamic )

 

Answer 2

User-821857111 posted

You shouldn't use Session to manage authentication. You should use Forms Authentication. The default timeout for that is 30 seconds and the user will be redirected to whichever page you specify as the loginurl if the user is inactive for that period. By default, sessions expire after 20 minutes, so they will also get cleared.

Answer 3

User-1569093213 posted

thanku sir for your reply..

i have written the syntax like

<system.web>
<authentication mode="Forms">

<forms loginUrl="~/www/Login.html" protection="All" path="/" timeout="2880" cookieless="UseCookies" requireSSL="false" slidingExpiration="true" />
</authentication>
<compilation debug="true" targetFramework="4.5" />

</system.web>..Is there any another way to have this implimentation

i am using mvc5.if application is idle for 30 min then i need to clear all the sessions

Answer 4

User-219423983 posted

Hi BHUSHAN BHASME,

BHUSHAN BHASME

Is there any another way to have this implimentation

i am using mvc5.if application is idle for 30 min then i need to clear all the sessions

I think you don’t need to care about whether the application would clear all the sessions if the application is idle for 30 min, you could just set a timeout value in the “sessionState” section in the web.config to “30”, then if one user is idle for 30 min, the use would be disconnected automatically. So if the application is idle for 30 min, the session would be cleared respectively, as Mikesdotnetting said above. Here, you should also have a look at the following two links that provide us something about the session.

https://msdn.microsoft.com/en-us/library/h6bb9cz9(v=vs.85).aspx

http://stackoverflow.com/questions/17812994/forms-authentication-timeout-vs-sessionstate-timeout

I hope it’s useful to you.

Best Regards,

Weibo Zhang

Answer 5

User-1569093213 posted

HI WEIBO...I AM NEWBIE TO MVC5

i am creating custom Authorise attribute....now when user has logged innn into application and suppose say ,he leave the application without doing anything to it once he is logged in into the application..so i just want to check out that for how much time the application is idle...i am using form authentication and i am isssuing the formticket..

like

FormAuthentication.SetAuthCookie(user.name,true);

Like this only i am writting

so How to check out that for how much time the application is idle??and redirect the user to login/home page

Thanking You

Answer 6

User-219423983 posted

Hi BHUSHAN BHASME,

I think you could take a look at the following articles that are about Session Timeout warning by using javascript. In you issue, you could let the time with 30 min.

http://www.codeproject.com/Articles/227382/Alert-Session-Time-out-in-ASP-Net

http://www.aspsnippets.com/Articles/Display-Session-Timeout-message-before-Session-expires-in-ASPNet.aspx

I hope it’s useful to you.

Best Regards,

Weibo Zhang

Answer 7

User603616845 posted

Hi,

There is two way to do this... either you can do this by web.config or using global.asax.cs file. But I prefer to use global.asax.cs file to do this.

WebConfig

<system.web>
<authentication mode="Forms">
 <forms loginUrl="Login.aspx" protection="All" timeout="30" name=".ASPXAUTH"  path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" />
 </authentication>
</system.web>

Global.asax.cs

protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null && authCookie.Value != "")
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

                if (!authTicket.UserData.Equals("OAuth"))
                {
                    LoginPrincipalSerializeModel serializeModel = JsonConvert.DeserializeObject<LoginPrincipalSerializeModel>(authTicket.UserData);
                    if (serializeModel != null)
                    {
                        LoginPrincipal newUser = new LoginPrincipal(authTicket.Name);
                        newUser.UserId = serializeModel.UserId;
                        newUser.UserName = serializeModel.UserName;
                        newUser.UserDisplayName = serializeModel.UserDisplayName;
                        newUser.UserRoles = serializeModel.UserRole;
                        HttpContext.Current.User = newUser;

                        HttpCookie myCookie = new HttpCookie("LoggedUserId");
                        myCookie.Expires = DateTime.Now.AddMinutes(30.0);
                        myCookie.Value = newUser.UserId.ToString();
                        Response.Cookies.Add(myCookie);
                    }
                }
            }

        }

this is code which I am using in my application.

for more info you can visit...

http://www.dotnet-tricks.com/Tutorial/mvc/G54G220114-Custom-Authentication-and-Authorization-in-ASP.NET-MVC.html

Hope this will help you.

thanks