Professional Documents
Culture Documents
NET Samples
Introduction
One of the requirements in my project was to warn users about the session expiry. Though it looks like a simple requirement for the end users, it is not the c ase for developers and designers. We need to deal with lot of sc enarios in the real time application. What is the best way to achieve the objec tive? Some of the challenges would be like 1. Session is a sliding expiry value. It gets extended every time there is a post bac k. 2. There are multiple ways that you can handle this scenario and each of them has its own technical challenges.
Approaches
Following section will try to cover few of the approaches to handle session expiry.
<script language="javascript" type="text/javascript"> var sessionTimeoutWarning = "<%= System.Configuration.ConfigurationSettings.AppSettings["SessionWarning"].ToString()%>"; var sessionTimeout = "<%= Session.Timeout %>"; var sTimeout = parseInt(sessionTimeoutWarning) * 60 * 1000; setTimeout('SessionWarning()', sTimeout); function SessionWarning() { var message = "Your session will expire in another " + (parseInt(sessionTimeout) parseInt(sessionTimeoutWarning)) + " mins! Please Save the data before the session expires"; alert(message); } </script>
sessionTimeoutWarning: is a predefined value in the application configuration. Say 18 minutes. sessionTimeout: Holds the session timeout interval. Say 20 minutes. In c ase the user does not do any post bac k on the page for about 18 minutes, he will be warned about the session expiry.
2. Provide a simple alert and then redirect the user to home page or login page.
<script language="javascript" type="text/javascript"> var sessionTimeoutWarning = "<%= System.Configuration.ConfigurationSettings.AppSettings["SessionWarning"].ToString()%>"; var sessionTimeout = "<%= Session.Timeout %>"; var timeOnPageLoad = new Date(); //For warning setTimeout('SessionWarning()', parseInt(sessionTimeoutWarning) * 60 * 1000); //To redirect to the welcome page setTimeout('RedirectToWelcomePage()',parseInt(sessionTimeout) * 60 * 1000); //Session Warning function SessionWarning() { //minutes left for expiry var minutesForExpiry = (parseInt(sessionTimeout) parseInt(sessionTimeoutWarning)); var message = "Your session will expire in another " + minutesForExpiry + " mins! Please Save the data before the session expires"; alert(message); var currentTime = new Date(); //time for expiry var timeForExpiry = timeOnPageLoad.setMinutes(timeOnPageLoad.getMinutes() + parseInt(sessionTimeout)); //Current time is greater than the expiry time if(Date.parse(currentTime) > timeForExpiry) { alert("Session expired. You will be redirected to welcome page"); window.location = "../Welcome.aspx"; } } //Session timeout function RedirectToWelcomePage(){ alert("Session expired. You will be redirected to welcome page"); window.location = "../Welcome.aspx"; } </script>
In this approach, the user will be warned about the session timeout. If user does not save or do any post bac k, he would be redirec ted to the login or home page, once the session interval time expires.
setTimeout('RedirectToWelcomePage()',parseInt(sessionTimeout) * 60 * 1000); //Session Warning function SessionWarning() { //minutes left for expiry var minutesForExpiry = (parseInt(sessionTimeout) parseInt(sessionTimeoutWarning)); var message = "Your session will expire in another " + minutesForExpiry + " mins. Do you want to extend the session?"; //Confirm the user if he wants to extend the session answer = confirm(message); //if yes, extend the session. if(answer) { var img = new Image(1, 1); img.src = 'KeepAlive.aspx?date=' + escape(new Date()); //Clear the RedirectToWelcomePage method if (redirectToWelcomePageTimer != null) { clearTimeout(redirectToWelcomePageTimer); } //reset the time on page load timeOnPageLoad = new Date(); sessionWarningTimer = setTimeout('SessionWarning()', parseInt(sessionTimeoutWarning) * 60 * 1000); //To redirect to the welcome page redirectToWelcomePageTimer = setTimeout('RedirectToWelcomePage()',parseInt(sessionTimeout) * 60 * 1000); } //************************* //Even after clicking ok(extending session) or cancel button, if the session time is over. Then exit the session. var currentTime = new Date(); //time for expiry var timeForExpiry = timeOnPageLoad.setMinutes(timeOnPageLoad.getMinutes() + parseInt(sessionTimeout)); //Current time is greater than the expiry time if(Date.parse(currentTime) > timeForExpiry) { alert("Session expired. You will be redirected to welcome page"); window.location = "../Welcome.aspx"; } //************************** } //Session timeout function RedirectToWelcomePage(){ alert("Session expired. You will be redirected to welcome page"); window.location = "../Welcome.aspx"; } </script>
In this approach, the user will be warned about the session timeout and provides the ability to extend user session. If the user confirms to extend the session, it gets extended. If user c onfirms after the
session expiry timeout limit, even then the user will be logged out. Following lines of c ode is used to extend the user session. Where 'KeepAlive.aspx is dummy page in the website. var img = new Image(1, 1); img.src = 'KeepAlive.aspx?date=' + escape(new Date()); Note: In all the above sc enarios, I am assuming SetTimeout method and session related variables will be reset whenever there is a post back. This may not work 100%, when there could be partial rendering and the SetTimeout method and session related variables may not be reset. All files are in Samples folder
References
http://www.c odeprojec t.com/KB/scripting/Session_Timeout.aspx http://forums.asp.net/t/1207721.aspx/2/10
License
This article, along with any associated sourc e code and files, is licensed under The Code Project Open Lic ense (CPOL)