Questions About Session Timeout

  • Thread starter Thread starter Joey
  • Start date Start date
J

Joey

I have an asp.net 2.0 app written in C# and VS2005. I sometimes have
issues where users leave a page onscreen and then come back to it a
few hours later and try to continue working. Of course, it doesn't
work then. Currently they will encounter some sort of error message
because the session has timed out.

I need to develop a way to handle this!

Some questions:

1) If I want to set my session to timeout at 30 minutes, what should i
set for session timeout both in IIS config and in the web.config file,
for forms authentication.

2) When I am using my online banking website, my webpage automatically
logs me out after a set amount of time. How do I do that with my code?

Thanks in advance for your help!
 
I have an asp.net 2.0 app written in C# and VS2005. I sometimes have
issues where users leave a page onscreen and then come back to it a
few hours later and try to continue working. Of course, it doesn't
work then. Currently they will encounter some sort of error message
because the session has timed out.

I need to develop a way to handle this!

Some questions:
Click to expand...
2) When I am using my online banking website, my webpage automatically
logs me out after a set amount of time. How do I do that with my code?

Thanks in advance for your help!
Click to expand...

You can have a javascript timer in your html page, that redirects to some
"session expired" page after the session should have timed out.
Just be careful: the session timeout is in minutes and javascript
works in milliseconds.
It's not possible to wire up some "SessionEnd" event to redirect the
browser anywhere, as that event happens on the server long after the
last request has been served.

Hans Kesting
 
1. I'd set them both to 30 minutes. The IIS config will handle the
session state, and the forms auth will handle the authentication cookie.

2. This is what the auth cookie lifetime is for, which you set in the
forms auth section of the web.config. Once this lifetime expires, the
cookie is deleted (effectively logging you out).


Steve C.
MCSD,MCAD,MCSE,MCP+I,CNE,CNA,CCNA
 
Or just test Session.IsNewSession on the next round trip.

If the timeout for authentication is lower than the session timeout you
should even have thsi done for use as the authentication module will
redirect anyway the user to the login page...
 
I have an asp.net 2.0 app written in C# and VS2005. I sometimes have
issues where users leave a page onscreen and then come back to it a
few hours later and try to continue working. Of course, it doesn't
work then. Currently they will encounter some sort of error message
because the session has timed out.

I need to develop a way to handle this!

Some questions:

1) If I want to set my session to timeout at 30 minutes, what should i
set for session timeout both in IIS config and in the web.config file,
for forms authentication.

2) When I am using my online banking website, my webpage automatically
logs me out after a set amount of time. How do I do that with my code?

Thanks in advance for your help!
Click to expand...

This wigit worked quite nicely for me. It stops the users who have
timed-out from generating exceptions.

http://www.eggheadcafe.com/articles/20051228.asp
 
Back
Top