Asp.net session expiration redirected to login page

What is the best way to redirect to the login page after the session ends? I use

sessionState mode="InProc"

      

Can I set this in my web.config file?

+1




5 answers


The trick to remember about session expiration is that it happens in a workflow running behind the scenes and there is no direct way to notify the user without going back to the server to check the state of things.

What I do is that there is a Javascript block registered on the page, which redirects the user to the login page again after the specified timeout:

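' "~" is only resolved on the server, so ResolveUrl turns it into a URL the browser can use.
' ConfigurationManager needs Imports System.Configuration.
Page.ClientScript.RegisterStartupScript(Me.GetType(), "TimeoutScript",
    "setTimeout(""top.location.href = '" & ResolveUrl("~/Login.aspx") & "'""," &
    ConfigurationManager.AppSettings("SessionTimeoutMilliseconds") & ");", True)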

      



You will notice that I have the actual milliseconds stored in my web.config file so that I can adjust the timeout length as needed.

Using this in conjunction with the typical Session_End event in the Global.asax file makes for a pretty clean way of handling session timeouts in my web applications.

+4




Kind of late answer, but if you are using the standard asp.net membership provider you can use the below config as well.

The basic idea is to have the cookie and session validation end at the same time. The automatic behavior of asp.net would take you back to a specific login page. The "slidingExpiration" attribute in the auth cookie must be "true" to extend its life during a session.



<system.web>
  <sessionState mode="InProc" cookieless="false" timeout="20" />
  <authentication mode="Forms">
    <forms name=".SAMPLESITEAUTH" loginUrl="~/Login.aspx" protection="All" timeout="20" slidingExpiration="true" path="/" cookieless="UseCookies"></forms>
  </authentication>
</system.web>

      

+2




One option, instead of setting a client-side timer for blind redirection, is for the timer to hit a small web service that could indicate whether the user should be redirected. This gives you much more flexibility; you can redirect the user in many cases, including:

  • Session expired
  • The same user account registered on a different machine
  • The site goes into maintenance mode and you want to disconnect users.

I have used this method with great success to handle multiple user accounts. As far as session handling is concerned, you would want to listen for the session timeout event and, after that, store in a hash table whose session was disconnected.

When this user calls the web service, you remove them from the hash and tell the client code to redirect them.

Another nice thing about this type of system is that you can track when the browser hits the server so you can better understand who else is online.

EDIT

In response to the comment below:

I don't think calling a public method would be cleaner. Once you do this, you make the assumption that all pages have a common master page or a common base class. I would not like to make this assumption. Also, if you are going to use the PageMethods approach, this will not work, as PageMethods must be static.

I'm not entirely sure of your intentions, but if you are going to call this method on every request, I would do it using an http module and hook into a pipeline; however, this only works when the query is executed. By using a client side timer web service, you can redirect the user even if they don't make any requests.

+1
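
The polling approach described in the answer above, as an added example written in JavaScript (it is not the answerer's code and not an ASP.NET API). `StatusRegistry` is a constructed stand-in for the server-side hash table; `decideAction`, `startWatcher`, the reason codes, the `reason` query parameter and the `/SessionStatus.ashx` path are hypothetical names.

```javascript
const LOGIN_URL = "/Login.aspx"; // fixed on the client, never taken from the reply
const KNOWN_REASONS = new Set(["expired", "duplicate-login", "maintenance"]);

// Server-side stand-in: the "hash table" of users whose session was disconnected.
class StatusRegistry {
  constructor() { this.disconnected = new Map(); this.maintenance = false; }
  // Called when a session times out or the account logs in elsewhere.
  markDisconnected(key, reason) { this.disconnected.set(key, reason); }
  // What the small web service answers. It should only read this map: a handler
  // that loads session state or renews the auth ticket would let the poll
  // itself keep the session alive.
  check(key) {
    if (this.maintenance) return { redirect: true, reason: "maintenance" };
    if (!this.disconnected.has(key)) return { redirect: false };
    const reason = this.disconnected.get(key);
    this.disconnected.delete(key); // removed once the client has been told
    return { redirect: true, reason };
  }
}

// Client side: map a service reply to a navigation target, or null to stay.
// The reply only selects a known reason code; it can never supply a URL.
function decideAction(reply) {
  if (!reply || reply.redirect !== true) return null;
  const reason = KNOWN_REASONS.has(reply.reason) ? reply.reason : "expired";
  return LOGIN_URL + "?reason=" + encodeURIComponent(reason);
}

// Client timer: poll the service and navigate only when it says so.
function startWatcher(poll, navigate, intervalMs) {
  const timer = setInterval(async () => {
    try {
      const target = decideAction(await poll());
      if (target) { clearInterval(timer); navigate(target); }
    } catch (e) {
      // Network error: keep polling rather than redirecting blindly.
    }
  }, intervalMs);
  return timer;
}

// Browser usage (hypothetical endpoint path):
// startWatcher(
//   () => fetch("/SessionStatus.ashx", { credentials: "same-origin" }).then(r => r.json()),
//   url => { top.location.href = url; },
//   30000);
```
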




Can you bind the Session_End event in the Global.asax file?

0




Below answer is the best example ever...

Better to try this way:

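' "~" is only resolved on the server, so ResolveUrl turns it into a URL the browser can use.
Page.ClientScript.RegisterStartupScript(Me.GetType(), "TimeoutScript", "setTimeout(""top.location.href = '" & ResolveUrl("~/Login.aspx") & "'""," & ConfigurationManager.AppSettings("SessionTimeoutMilliseconds") & ");", True)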

      

You will notice that I have the actual milliseconds stored in my web.config file so that I can adjust the timeout length as needed.

Using this in conjunction with the typical Session_End event in the Global.asax file makes for a pretty clean way of handling session timeouts in my web applications.

Regards, Nagaraju R || Dell PerotSystems ||

0








