Geek Answers Handbook

How do websites typically register users automatically after a session expires?

How do websites usually register users and automatically send them to the login screen after a user session expires? Is this done using ajax or using async handlers? Can you give me some explanation.

+4
source share
4 answers

Use a cookie as well as a session.

  • Cookie should be set when the session has started.
  • If the cookie is present, but the session is lost, redirecting to the site the login screen.
  • If there is no session and no cookie do nothing

(forgive me if you cannot do this because I never used ASP and based my answer on PHP knowledge)

+1
source

Banks and such use a client-side timeout via javascript or something similar. In fact, the server processes the actual session, so if you turned off the logic on the client side, it will act as if you were trying to make transactions while logging out.

+4
source

Typically, you set a timestamp for the expiration of your session identifier cookie. When the cookie cannot be sent, the client will log out (without the given session identifier).

This method is often combined with JavaScript and another timestamp. When the timers begin to work, a notification is sent that allows the user to "update" his session ... essentially by making a request before the session expires.

The "refresh" request can be anything, even something as simple as loading an image.

+1
source

If you use Tomcat, you can use the built-in <security-constraint> mechanism in your web.xml definition. All the time, the login screen and page redirects are handled by Tomcat with little effort on your part other than definitions.

Oh, IIS ... never mind.

0
source

More articles:


All Articles