State Management :: How To Catch Session Timeout Exception
Jun 25, 2010
I need to create a small web application. The first thing I need to do is to develop the login, logout and user session management functionality. I wanted to use a masterpage and a usercontrol for this purpose. When a user open the page and IS LOGGED IN, the usercontrol should something like this:
"Hello Username! <a>Logout</a>"
And if he is NOT LOGGED IN, the Usercontrol should show something like this
"Login | Logout"
When he clicks on the Login Button the Login-page should be opened. How can I build a Usercontrol which does the above thing. (I have never build a usercontrol and used it in a masterpage before!) The second problem is a little bit komplexer: What happens if the user idles some times and after that time (for example 30minutes) comes back to his pc and wants to execute an action in the web application. Normally he should get an session timeout asp.net exception. I don't want that the user sees this asp.net errorpage, I want to redirect him to the Login Page and he should relogin and gets an error message shown something like "You were timed out. Please login again".
We have the timeout value set to 120 in our <form> tag within the web.config. We do not have a session timeout set.. and we have various connection strings.
We are having a problem where a session variable will disappear (become NULL) .. but, the form evidently remains 'open'.. or no re-login is required..... so, my question(s):
1. what is the relationship between form timeout and session timeout
I am building a web app that is limited to one database, therefore I cannot use the ASP.NET config tool. As a quick means of getting this app online, I tried to use a simple session variable. The login page verifies the user's credentials, and if they pass, it sets the session variable to a certain value. All other pages check in the page_load event whether or not the session variable is equal to that value. The problem is that once being logged in for a short while and sending and recieving some data, the session variable resets, and I'm returned to the login page to repeat the process. Here's the basic code from my webforms:
[code]....
Is there some setting I need to change in the web.config file to adjust the cookie timeout or is that only for the config tool authentication methods?
I have created an ASP.NET Intranet Application in framework 2.0.
I have deployed this application on my Local Intranet Server and client are accessing the application in thier browsers. What is happening is that i have set session timeout value to 90 mins but it still move to redirect page after 5 or 6 mins inactivity.
My requirement is whenever a user logged in the application, the application should never go on the login page back, bu when user clicks log out button then it should redirect on login page.
I have a section in my web app that displays the user's name, the current datetime and a logout link. What i would also like to display is the time left for the session.Is this possible? I'm using an ajax timer to give the user the real time, so if i could display also the time that is left for the session to end would be great.
But my Website has one thing that still causing problems... the Website calls an ActiveX. Some time in the user navigation the user clicks in a button and a JavaScript loads an ActiveX with the code bellow.
var objDownload = new ActiveXObject('XXXXXX'); objDownload.ActiveXMethod();
This ActiveX makes a huge processing and this is why I'm want the trick to avoid the session expires. I tested the both above solutions but when the ActiveX is running no refresh happens. Can anyone help with this problem? How the ActiveX can be running and the IE makes the refresh?
i have my website uploaded on production server . i have stored datatable for around 70 rows and 20 columns in session but with still only with 10 users.but my server in getting timeout too often.my server ram is 4gb and is dedicated server.i am currently using inproc session only.How much data can we store in session in current scenario. or i need to change my apparoch. in future my website is expand with many users .
I have a default 30 min session timeout for normal users. Now i want to set 1 hour time out for admin users. Can someone guide me how to acomplish this.
I am creating web application. In that I want to set session timeout (not idle timeout). If a user logged in that time the session time will start and it automatically should detect session timeout the page should redirect to another page. How can I acheive this.
for Business needs i am planning to increase the session timeout to 2 hours(120 min) in one application, i am using sql server session state. if i increase to 2 hours of session time out, how it will effect the performance of application and web server.
i have a query regarding Sessions in ASP.Net. The scenario is:
My web application is for Mobile Phone. The default session timeout is 20 minutes. There is an option of "Remember Me", on checking which, the application also stores the permanent cookie whenever user signs in.
Now the requirement is that if the user has logged in with the "Remember Me" option checked and the session has expired due to inactivity for more than 20 minutes and then he tries to do some activity, the user should not be redirected to the login page.
In the sense, the process of authentication should be skipped. It should be taken care of by the application and the user should directly continue with his work. But also if the user signs out, then he should be redirected to the login page for authentication.
Now, the scenarios I can think of are:
1). A check can be made that if user has checked "Remember Me" the authentication process should be skipped so whenever session expires and user do some activity, the authentication part can be done automatically and he will continue with his work. But in that case, once a user has signed in with "Remember Me" option checked, he would never be able to Sign-out unless he deletes his cookies.
2). Refresh(reset) session as soon as it comes to expire. But then its against the requirement.
3). Use of some kind of flag which can be set to some value that states that there was a session time-out. This is the closest option according to me if I get to know how can this flag be used in the application. As if I make it as an Application Variable then it will change with every user's activity and be same for all users. Same is the case with static variable.Is there any other option available?
How can I remove or Dispose a session once user navigate from one page to other. I just want to use a session which should expire when user navigate to other page..its same like view state..we don't get viewstate information on page to page. why session: i need to keep one value on page constant on page refresh where as Viewstate will be reset to null on page refresh...and i just don't want to use that session once user navigate to other pages.. where i need to plcae the session dispose in page events or methods?..or is there any way to keep viewstate on page refresh?
In my web application, I want to alert users 5 minutes before their session timeout. If the users want, they can either extend their session or ignore the mssage - in which case after session timeout they will be redirected to the login page (I'm also using forms authentication in my site, so have set the authentication cookie expire time to the session timeout).I know I can do the alert with window.setTimeout, but I want to get user's respond and refresh the page if they want a session extension. How can I do that, in which event and whether I can do this in C# code behind. And also, should I implement this in the base page or somewhere else? How can I implement the auto page refresh - should I use a hidden button and click it from Javascript?
How to set session timeout and clear session in web.config and login.aspx ? And when we close the web application , the session must be cleared? I have use session.abandon as per below but is not working.
How to prevent Session.Timeout extension on certain event from codebehind?
What I do - I have Session Timeout configured in Web.config file for 10 minutes. Also, I have in my webpage1.aspx, an ASP.NET AJAX control ModalPopup which shows into the page 9 minutes after the user stopped sending requests to webpage1.aspx. I did this with this code:
[Code]....
[Code]....
So, my initial calculations was that 1 minute before the session ends, i'll inform the user something with the ModalPopup. The problem is that when this Timer1_Tick event triggers, the session.timeout renew ( or extends ) and the session ends 10 minutes later (if user still don't send any request from his browser).
Can I write code in Timer1_Tick event which prevent session extension?
I have an scenario where, in the test server the timeout works fine, as defined in the web.config (60 minutes) but it ends prematurely (3 minutes or so) in the MSSQL server. Both are using tables from the MSSQL, the only difference resides in the App_Data folder, which is not in the MSSQL server, as the roles and membership are managed by the LocalSqlServer.
We currently have a public-facing .Net 4 application running with the default session timeout value of 20 mins. Are there any significant security risks with lengthening that to 60 mins or longer?
