locked
Session Expiry in ASP.Net RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    I would like display a message to the enduser before 5 min of the session expires as per client requirement.

    It would be great help if anybody can clarify.

    Thanks,

    Venkati

     

    Thursday, October 13, 2011 9:45 AM

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote

    There are dedicated forums for ASP.NET located at: http://forums.asp.net/ You'll find that you'll bet much better answers there.

    As for your requirement, as pages and the server usually aren't constantly connected, it is impossible to show a timeout warning to the user in a consistent manner. Querying the timeout usually resets the sliding expiration, causing the timeout to never occur. Storing a time in each page works only if you're not using frames and if the user doesn't use multiple browser windows or tabbed browsing.

    My advice: tell your customer to not rewrite his requirement.

    Usually these kind of requirements are meant to ensure no data is lost by submitting a form after the session has expired. And this usually happens because of bad designs. It is very simple to capture the data being posted to the server and the location the user was at, start a new session and re-populate the session from the form post after a successful user authentication. You only need to make sure that you include enough information in the form (in a hidden field for example) to restore the session if needed. It might be something as simple as a session token which links to the stored session in a database. This allows you to let the actual session expire, but still provide the user with a great user experience.


    Thursday, October 13, 2011 10:28 AM

All replies

  • Question
    Sign in to vote
    1
    Sign in to vote

    There are dedicated forums for ASP.NET located at: http://forums.asp.net/ You'll find that you'll bet much better answers there.

    As for your requirement, as pages and the server usually aren't constantly connected, it is impossible to show a timeout warning to the user in a consistent manner. Querying the timeout usually resets the sliding expiration, causing the timeout to never occur. Storing a time in each page works only if you're not using frames and if the user doesn't use multiple browser windows or tabbed browsing.

    My advice: tell your customer to not rewrite his requirement.

    Usually these kind of requirements are meant to ensure no data is lost by submitting a form after the session has expired. And this usually happens because of bad designs. It is very simple to capture the data being posted to the server and the location the user was at, start a new session and re-populate the session from the form post after a successful user authentication. You only need to make sure that you include enough information in the form (in a hidden field for example) to restore the session if needed. It might be something as simple as a session token which links to the stored session in a database. This allows you to let the actual session expire, but still provide the user with a great user experience.


    Thursday, October 13, 2011 10:28 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Venkati,
    Welcome to the MSDN forum!

    Just like Jesse have mentioned, there is a dedicated forum for ASP.NET issue: http://forums.asp.net/. You can contact more ASP.NET experts there.

    Thank you for your understanding and have a nice day!
    Yoyo. 

     

    Yoyo Jiang[MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, October 17, 2011 8:12 AM
    Moderator