I need to capture an ASP.NET Session Tiemout in a GeneXus X application generated in C#. When a user stay away from keyboard more than N minutes, I would like to request User/password once again without loosing data's changes in webform
View 1 Repliesi have a query regarding Sessions in ASP.Net. The scenario is:
My web application is for Mobile Phone. The default session timeout is 20 minutes. There is an option of "Remember Me", on checking which, the application also stores the permanent cookie whenever user signs in.
Now the requirement is that if the user has logged in with the "Remember Me" option checked and the session has expired due to inactivity for more than 20 minutes and then he tries to do some activity, the user should not be redirected to the login page.
In the sense, the process of authentication should be skipped. It should be taken care of by the application and the user should directly continue with his work. But also if the user signs out, then he should be redirected to the login page for authentication.
Now, the scenarios I can think of are:
1). A check can be made that if user has checked "Remember Me" the authentication process should be skipped so whenever session expires and user do some activity, the authentication part can be done automatically and he will continue with his work. But in that case, once a user has signed in with "Remember Me" option checked, he would never be able to Sign-out unless he deletes his cookies.
2). Refresh(reset) session as soon as it comes to expire. But then its against the requirement.
3). Use of some kind of flag which can be set to some value that states that there was a session time-out. This is the closest option according to me if I get to know how can this flag be used in the application. As if I make it as an Application Variable then it will change with every user's activity and be same for all users. Same is the case with static variable.Is there any other option available?
i would like to redirect user to login page after defining session timeout
how to redirect the user to my login.aspx and how to set session time out within web.config
We have the timeout value set to 120 in our <form> tag within the web.config. We do not have a session timeout set.. and we have various connection strings.
We are having a problem where a session variable will disappear (become NULL) .. but, the form evidently remains 'open'.. or no re-login is required..... so, my question(s):
1. what is the relationship between form timeout and session timeout
2. how do I set session timeout
How to page redirect in Global.asax Session_End ?
View 1 RepliesI need the increase the session timings in online publish server using web.config , which is the maximum limi of session timings
View 1 RepliesI wanna write a method to get or set session timeout at run time.
View 1 RepliesWe have a asp.net application where users will apply for jobs online. When users fill out the form the page isn't timing out the session. If a user goes back to the main page the last user's information is still available.
I have setup many websites and have never had to make any changes on IIS, under the configuration within the website. The default is 20 minutes we can change it to 8 or 10, but I think this issue should be taken care of in the code. The setting will affect the entire site instead of the pages that need to timeout.
What is the best way to do this within the code?
The session state timeout is set using this web.config element
<sessionState mode="InProc" cookieless="false" timeout="120" />
The forms auth is configured using this web.config element
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
timeout="30"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>
</system.web>
What is the difference between the timeouts specified in each of these elements? If both are different, how would it work?
I have a page of each every click has ajax call to my server (hence, the ASP extends the session)
I have ASP.NET session set to Xmin. I want when X+1 min expires, I have expiration page. what I did was to set the JS timer to validate every x+1min to see if the session expired (the problem is that the JS and the ASP session timeouts are not synced)
In my application. I have a master page where i have a menu control. After login i get the application role in a session. Now based on the application role I need to remove some of the items which are not required for general users.How can we check the menu and remove in master page. I tried below code but its not working.
[Code]....
I created a user control for my web application that checks for Session Timeout. If the criteria are met for Timeout, I use Response.Redirect to send the user back to the login page. I include this user control in my Master page, and run the SessionTimeoutcode in the user control's Page_Init event. That all works great. However, once the user logs in again after time-out (and I have verified that the OnLoggedIn event does fire) the user is redirected to the DestinationPageUrl. That page runs the Session Timeout check when it loads (as it should) and the Session Timeout code "says" that the session is still timed-out.
View 1 RepliesI'm working to set up/correct my session timeout code, and have consulted numerous articles like this one and this SO post for ideas on how best to do this. The solution to detecting a session timeout that I continue to see over and over is to first check the Session.IsNewSession property for true, and if so, then check to see if a session cookie already exists. I guess the logic here is that the user has ended their last session that timed out, started a new session, but the old cookie wasn't yet removed. The code for those checks looks like this:
[CODE]...
The problem is that the session does not end, and all of my session timeout checks are in the Home/Customer action (I use MVC). So I'm redirected to Home/Customer, and I run through the checks above, but when I get to Session.IsNewSession, it's false, because the session is still alive (I assume because I'm still within the 120 minutes I have set)
I want some efficient way that how can i display a message to user that he is about to logout after 1 minute if user is idle and doing nothing on the page for 1 mintue.
on message if user want stay online so he must click keep me online or say logout.
how and where can I capture when a user logs in and its username?I am using a login control..
View 4 RepliesI'm working in a website that is going to work like a landing point, providing a specialized service for many other websites. Users log-in to different sites and those sites have links to my website.
Now, I want to create my website using asp .net, and also I want to be able to use SSO (Single Sign-On) so the users doesn't have to authenticate again when they land on my site.
The problem is that most of the websites that are going to use the services of my site are in php, when users login on these sites, all the authentication process is handled and also a lot of data is fetched into the Session variable; what I want to do is to be able to capture all the data in the session variable coming from the php page, in my asp site.
So far, the only thing I've been able to do in the asp is, ask for a parameter in the url and using that parameter query the database to get all the data that was already in the session in php.
I'm currently working on web application using VB in ASP.NET. Right now I have 1 page with panels that we are using to show/hide depending on the flow. When the user first comes in, he/she is presented with a gridview containing a list of clients. Then the user, clicks a link from a row and is presented a form where he/she can update the clients' info. Originally, I had a HYPERLINKFIELD that put the clientId in the url, then I'd grab the url and do the code appropriately
<asp:HyperLinkField Text='<%$ Resources:Resource, ManageClient %>' DataNavigateUrlFields="CLIENT_ID" DataNavigateUrlFormatString="~/clients/manage.aspx?clientId={0}" />
Now, I'm rethinking that and wondering if it's better to use SESSIONs to grab the clientID via this instead
<asp:TemplateField Visible="false"><ItemTemplate><asp:Label runat="server" ID="hidClientId" Text='<%# Bind("CLIENT_ID")%>' Visible="false" /></ItemTemplate></asp:TemplateField>
<asp:ButtonField Text='<%$ Resources:Resource, ManageClient %>' CommandName="Manage" />
Or use the POST method, which I'm not sure how it works in .NET (but I've used it in PHP)
in my aspx.vb page i have written
Label1.Text = Me.Page.User.Identity.Name
when i do view in browser (without publishing to any server) i see label's text as
abcxyz which is correct
but when i publish it, i dont see any text . I have made setting IIS to allow anonymous users so that anyone can open the wesite and see their computer login id
like abcxyz
Using this code i want to show an modal pop up to the user that "your session will be expired within 5 minutes , Click here [BUTTON] to reset your session" , here's my code :
<asp:Button ID="btnReset" Text="Reset" runat="server" OnClick="ResetSession" />
<br />
Your Session will expire in <span id = "seconds"></span> seconds.
<script type="text/javascript">
function SessionExpireAlert(timeout) {
var seconds = timeout / 1000;
seconds--;
[CODE]...
I have some problems whereby sometimes my application redirects to the login page if the users sessions timesout.
What I'm finding though is that pages that are ajaxified with update panels etc don't appear to redirect to the login correctly.
Meaning that my users come back and click a button and a horrible 'object not set to an instance of an object' error appears.
I was wondering if anyone has a fix for this - or if they recommend some javascript on the page to return the user to login (and therefore load session stuff).
In ASP.NET application's web.config, I have something like this
<sessionState mode="InProc" cookieless="false" timeout="30"/>
Is this the only place where Sessions timeouts are defined Is this timeoout in web.config the only one for all the sessions in the application. Can I not set the session timeouts for each session individually.
IF so, where??
I am looking to use "Keep me Logged-in", where do I have to set the timeout to Maximum
I want to set the session timeout in code so it can come from a configurable value.
Can I just do this in global.asax?
Session.Timeout = value;
I have an asp.net 2.0 application which times out after say 15-20 minutes if user didnt do any activity and presses a button on the page(he is redirected to sessionExpired.aspx page). I have set the session timeout to 60 minutes in my web.config file but still somehow the user is timed out.
I have another question related to this regarding the Session Timeout Precedence. Does IIS session timeout take priority over ASP.NET session timeout. Say if IIS session timeout is set to 20 minutes and ASP.NET session timeout is 60 minutes, does ASP.NET override IIS session timeout.
My client wants 2 separate login pages for an ASP.Net app, one for regular users, one for support staff. I am using the standard FormAuthentication component for authentication. Is it possible to redirect a regular user to one login page after a timeout, and also to redirect an admin user to a different page after a timeout? The loginUrl attribute of <forms> in web.config is read-only, and cannot be edited at runtime.
Regular User -> Timeout -> Login.aspx
Support User ->Timeout -> SupportLogin.aspx
I'm using the ASP.NET login control.
How can I set the session timeout?