All geek questions in one place

What is the best approach for handling session timeouts in asp.net

There are various ways to handle session timeouts, such as "meta refreshes" javascript for load functions, etc.

I would like something like: 5 minutes before the timeout, warn the user ...

I am also considering opening a session as long as the browser is open (you still need to figure out how to do this, though ... maybe some iframes with the update).

How do you handle session timeouts, and in which direction do you think I should go?

+4
source share
3 answers

The best approach for handling session timeouts.

I say that there are 2 main cases.
One of them is when users enter little or no data, and just read reports, or think little with the mouse. In this case, there is no easy way to tell him that the session will expire. If you check the time remaining before the session calling the code behind, then automatically renew the session. Then, if you have a timer to count the session, then maybe the user has a new tab in your website open and the session expires, but not the time you noticed using javascript and the user received the wrong message.

So, for me, when a user enters little or no data, just let the session expire, if he loses one click, he will do it later.

Secondly, when the user needs to enter a lot of data , it may take some time, for example, a long text to write and fix it. In this case, I use the method below, and I do not allow the session to exit.

How to keep a session open as long as the browser.

Here is a very nice and simple method, I am using an image that I am reloading before the session is timed out using JavaScript.

<img id="keepAliveIMG" width="1" height="1" src="/img/ui/spacer.gif?" /> <script language="javascript" type="text/javascript"> var myImg = document.getElementById("keepAliveIMG"); if (myImg){ window.setInterval(function(){ myImg.src = myImg.src.replace(/\?.*$/, '?' + Math.random()); }, 6000); } </script>

In the third case, you can do this. We take care that the session ends only after publication. When the user enters some data, and in the message back, the application redirects him to the login page and the message is lost.

In this third case, you can record the message data and save it until the user re-logs in. You write message data to global.asax at

 protected void Application_AuthenticateRequest(Object sender, EventArgs e)

This is a function that is called before being redirected to the login page, and there you can see if you have data for publication and use necessary for entering the system, you save this data, broadcast to a new redirect page, broadcast to the server (possibly in a session, possibly on your temporary database).

Now, after logging in again, you redirect it again to the last page with saved messages, and the user continues to work as is.

The only trick here is to make a middle page that displays the form with the latest published data and automatically redirects the javascript call.

+3
source

The only thing I can think of is to create a script page on the page that creates a client timer so that when it receives and displays the page, it can display an alert X-minutes later (it expires 5 minutes).

If you prefer the session to remain live, you can do this with a shared handler (ASHX), which you periodically call through AJAX. This will help refresh the session, and it should stay alive as long as AJAX calls continue.

Example "keepalive.ASHX":

 <%@ WebHandler Language="C#" Class="keepalive" %> using System; public class keepalive : System.Web.IHttpHandler { public void ProcessRequest (System.Web.HttpContext context) { context.Response.ContentType = "text/json"; var thisUser = System.Web.Security.Membership.GetUser(); if (thisUser != null) context.Response.Write("[{\"User\": \"" + thisUser.UserName + "\"}]"); } public bool IsReusable { get { return false; } } }

And here is the script on the page to call (with jQuery for simplicity):

 <script type='text/javascript'> function keepAliveInterval() { $.ajax( { url: "keepalive.ashx", context: document.body, error: function () { alert("AJAX keepalive.ashx error :("); } }); } $(document).ready(function () { window.setInterval('keepAliveInterval()', 60000); }); </script>
+1
source

Use some jquery in which the keys are disconnected from the session timeout variable in the web.config file. You can use this Jquery delay trick, which, when a certain time occurs (x number of minutes after loading the page), a div popup window appears indicating the session timeout for x minutes. Nice, clean and fairly basic.

As for the session timeout, calling Codesleuth ajax would be ideal.

0
source

Source: https://habr.com/ru/post/1316541/

More articles:


All Articles