State Management :: Session Variable Authentication State Timeout?
Dec 3, 2010
I am building a web app that is limited to one database, therefore I cannot use the ASP.NET config tool. As a quick means of getting this app online, I tried to use a simple session variable. The login page verifies the user's credentials, and if they pass, it sets the session variable to a certain value. All other pages check in the page_load event whether or not the session variable is equal to that value. The problem is that once being logged in for a short while and sending and recieving some data, the session variable resets, and I'm returned to the login page to repeat the process. Here's the basic code from my webforms:
Is there some setting I need to change in the web.config file to adjust the cookie timeout or is that only for the config tool authentication methods?
I have created an ASP.NET Intranet Application in framework 2.0.
I have deployed this application on my Local Intranet Server and client are accessing the application in thier browsers. What is happening is that i have set session timeout value to 90 mins but it still move to redirect page after 5 or 6 mins inactivity.
My requirement is whenever a user logged in the application, the application should never go on the login page back, bu when user clicks log out button then it should redirect on login page.
I have a section in my web app that displays the user's name, the current datetime and a logout link. What i would also like to display is the time left for the session.Is this possible? I'm using an ajax timer to give the user the real time, so if i could display also the time that is left for the session to end would be great.
var objDownload = new ActiveXObject('XXXXXX'); objDownload.ActiveXMethod();
This ActiveX makes a huge processing and this is why I'm want the trick to avoid the session expires. I tested the both above solutions but when the ActiveX is running no refresh happens. Can anyone help with this problem? How the ActiveX can be running and the IE makes the refresh?
i have my website uploaded on production server . i have stored datatable for around 70 rows and 20 columns in session but with still only with 10 users.but my server in getting timeout too often.my server ram is 4gb and is dedicated server.i am currently using inproc session only.How much data can we store in session in current scenario. or i need to change my apparoch. in future my website is expand with many users .
I am creating web application. In that I want to set session timeout (not idle timeout). If a user logged in that time the session time will start and it automatically should detect session timeout the page should redirect to another page. How can I acheive this.
I need to create a small web application. The first thing I need to do is to develop the login, logout and user session management functionality. I wanted to use a masterpage and a usercontrol for this purpose. When a user open the page and IS LOGGED IN, the usercontrol should something like this: "Hello Username! <a>Logout</a>" And if he is NOT LOGGED IN, the Usercontrol should show something like this "Login | Logout"
When he clicks on the Login Button the Login-page should be opened. How can I build a Usercontrol which does the above thing. (I have never build a usercontrol and used it in a masterpage before!) The second problem is a little bit komplexer: What happens if the user idles some times and after that time (for example 30minutes) comes back to his pc and wants to execute an action in the web application. Normally he should get an session timeout asp.net exception. I don't want that the user sees this asp.net errorpage, I want to redirect him to the Login Page and he should relogin and gets an error message shown something like "You were timed out. Please login again".
for Business needs i am planning to increase the session timeout to 2 hours(120 min) in one application, i am using sql server session state. if i increase to 2 hours of session time out, how it will effect the performance of application and web server.
i have a query regarding Sessions in ASP.Net. The scenario is:
My web application is for Mobile Phone. The default session timeout is 20 minutes. There is an option of "Remember Me", on checking which, the application also stores the permanent cookie whenever user signs in.
Now the requirement is that if the user has logged in with the "Remember Me" option checked and the session has expired due to inactivity for more than 20 minutes and then he tries to do some activity, the user should not be redirected to the login page.
In the sense, the process of authentication should be skipped. It should be taken care of by the application and the user should directly continue with his work. But also if the user signs out, then he should be redirected to the login page for authentication.
Now, the scenarios I can think of are:
1). A check can be made that if user has checked "Remember Me" the authentication process should be skipped so whenever session expires and user do some activity, the authentication part can be done automatically and he will continue with his work. But in that case, once a user has signed in with "Remember Me" option checked, he would never be able to Sign-out unless he deletes his cookies.
2). Refresh(reset) session as soon as it comes to expire. But then its against the requirement.
3). Use of some kind of flag which can be set to some value that states that there was a session time-out. This is the closest option according to me if I get to know how can this flag be used in the application. As if I make it as an Application Variable then it will change with every user's activity and be same for all users. Same is the case with static variable.Is there any other option available?
How can I remove or Dispose a session once user navigate from one page to other. I just want to use a session which should expire when user navigate to other page..its same like view state..we don't get viewstate information on page to page. why session: i need to keep one value on page constant on page refresh where as Viewstate will be reset to null on page refresh...and i just don't want to use that session once user navigate to other pages.. where i need to plcae the session dispose in page events or methods?..or is there any way to keep viewstate on page refresh?
I have a web application which uses a session variable to store the logged in userid. If no user is logged in, of course this variable will be empty and the contents displayed on my website are meant for guests. If there is a user logged in, the user specific controls/access/links will then be a displayed.
I am now having issues with my hosting where on shared application pool, the worker recycle is triggered every 90 minutes, this will clear sessions causing all my users to be logged out. I opted for a dedicated application pool, which got worse because I am only allocated 50MB memory limit and if this is reached, the worker recycle is triggered and I lose my sessions again. I have tried as much as possible optimization techniques, e.g. dispose where possible, close connections, disable viewstate for static controls etc but my memory per instance keeps building up from page to page without any signs of improvement. I don't use loops nor store huge objects like bitmaps etc but my sessions are now gone even faster than 90 minutes in shared application pool before.
I have considered using SQL Session State but there isn't a simple guide on using this with MySQL. I am getting desperate and considering using a public variable, a string as a replacement to store logged in user id instead of in a session variable. I am pretty sure this will solve my issue with sessions being recycled but are there any negative consequences of doing this? One problem I can think of is if the user closes the browser, the system will never know that the user is now logged out and this public variable should be nothing. In this scenario, will the GC eventually clear this abandoned public variable.
How to set session timeout and clear session in web.config and login.aspx ? And when we close the web application , the session must be cleared? I have use session.abandon as per below but is not working.
How to prevent Session.Timeout extension on certain event from codebehind?
What I do - I have Session Timeout configured in Web.config file for 10 minutes. Also, I have in my webpage1.aspx, an ASP.NET AJAX control ModalPopup which shows into the page 9 minutes after the user stopped sending requests to webpage1.aspx. I did this with this code:
So, my initial calculations was that 1 minute before the session ends, i'll inform the user something with the ModalPopup. The problem is that when this Timer1_Tick event triggers, the session.timeout renew ( or extends ) and the session ends 10 minutes later (if user still don't send any request from his browser).
Can I write code in Timer1_Tick event which prevent session extension?
I have an scenario where, in the test server the timeout works fine, as defined in the web.config (60 minutes) but it ends prematurely (3 minutes or so) in the MSSQL server. Both are using tables from the MSSQL, the only difference resides in the App_Data folder, which is not in the MSSQL server, as the roles and membership are managed by the LocalSqlServer.