0

I'm looking to include a behavior in the base page that, when the session times out (after say 20 min), makes a call back to the client, erases the session cookie, and redirects the user to a "your session has timed out" page.

Before I start coding, I was wondering if there's a functionality in the framework that already handles this.

Thanks.

frenchie
  • 51,731
  • 109
  • 304
  • 510

3 Answers3

1

try this

<script language='javascript'>
function SessionTimeOuts()
{  
     self.setTimeout("RedirectToLogin();", 'any time period you wish to put here');
}

function RedirectToLogin()
{ 
     alert('Your session has expired.');
     window.location.href = 'login.aspx'

//any page where you want the redirection
}

</script>

<BODY onload=SessionTimeOuts()'>
santosh singh
  • 27,666
  • 26
  • 83
  • 129
  • At first, I thought this was great but then I thought that if the session expiration is handled by javascript, it can be tampered with. Is there a way for the server to call back the page? – frenchie Apr 03 '11 at 02:50
  • There is no way how to do a call back from the server without using javascript (or Silverlight, etc...). So it will be always vulnerable to changes on client side. Solution from geek can be enhanced by proper configuration of session and authentication cookie timeouts. See http://stackoverflow.com/questions/1470777/forms-authentication-timeout-vs-session-timeout. Attacker can still modify (or just disable) this javascript but he will be redirected to login page on a next request after session expiration.May be it it is more simple to use http redirect instead of this javascript. – Jakub Linhart Apr 03 '11 at 10:06
0

ASP.NET MembershipProvider should handle this for you

Jason
  • 86,222
  • 15
  • 131
  • 146
0

Correct me if I am wrong but ASP.Net is already doing this. All you have to do just send an interval value to the client after each postback or ajax call. And with this interval you will also have to execute a timeout function that says "your session has expired" dialog as @geek mentioned below.

Mert Susur
  • 583
  • 7
  • 17