Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles / web / ASP.NET
 

Session Timeout Notification

2.71/5 (6 votes)
26 Nov 2009CPOL2 min read 28.9K  
IntroductionSession management is a powerful concept in ASP.net. It’s provides 4 techniques to manage the session.In Proc (Default)– Most applications will use. State server SQL server – For scalable scenarios like web clustering etc. Custom (very rare) The beauty of sess

Introduction

Session management is a powerful concept in ASP.net. It’s provides 4 techniques to manage the session.

  1. In Proc (Default)– Most applications will use.
  2. State server
  3. SQL server – For scalable scenarios like web clustering etc.
  4. Custom (very rare)

The beauty of session management in asp.net is without changing current coding we can use these management techniques in administration mode.

Please refer my blog entry for more details.

Background

In any of the above cases, the session supposed to be timeout. It will handle by the asp.net runtime, which we can set in the web.config <sessionState timeout="1" />. Default timeout is 20 mins. Which means after 20 min session will become abandon and if you are not correctly handle it will leads to system crash. What general recommendation is, always check null of the session item that you’re going to refer. But in most user oriented application, we should notify the user that ,"Hello your current session has expired, what do you want to do?"

How to achieve this?

Using the code

If use In-Proc, it will automatically fire up session_end event which you can handle in Global.asax file. In rest of techniques this event will be ignored.

There are some workarounds to overcome this, but I’ll illustrate a simple trick, a pattern called “heartbeat”, that I’ve used in couple of my projects (especially in non AJAX applications).

In a nutshell, application will poll elapse time from the last post back and when it reaches to the time setup for session timeout, it will redirect to a page in which completely destroy the session.

Without talking much let’s see how it is working.

  1. By considering the session time out ,we will generate a javascript and register to the page. As you can see in the following code snippet, I’ve attached logout() to the windows.onload event. (In non AJAX case this is always true. ) After time has expired it will redirect to the Timeout.aspx page, where user can retry the application.
    C#
    ClientScriptManager cm = Page.ClientScript;
if(!cm.IsClientScriptBlockRegistered(Page.GetType(),"session_timout"))
{
    StringBuilder sb = new StringBuilder();
    
    sb.Append("function logout(){");
    sb.Append("alert('Session has expired');");
    sb.Append("window.location.href='http://www.codeproject.com/Timeout.aspx';");
    sb.Append("}");
    sb.Append("window.onload = function(){var t=setTimeout(\"logout()\",");
    // We have to convert into millisec.
    sb.Append(Session.Timeout * 1000*60);
    sb.Append(");}");
    cm.RegisterStartupScript(Page.GetType(), "session_timout", sb.ToString(), true);

}
  2. Set up the Session Time out in the web.config
    XML
    <system.web>
        ...
  <!-- set to 1 min for the sake of demonstration -->
  <sessionState timeout="1" />
        ...
</system.web>

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Permalink

Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Article Copyright 2009 by Kelum W. Ganegoda
Everything else Copyright © CodeProject, 1999-2025

Web01 2.8:2024-12-08:1