Problem:
you use session on your page. and user could stay or idle away for quite time. and when he return session is expired and he click something that will throws error.
1. we need to detect if user idle
2. we need a server side to detect if session expired when he click links or take something from your ashx.
Solution 1:
So in order to achieve giving warning let’s say about 2 minutes before timeout. than you need to detect user idle or not via javascript.
i’ve found a usefull Plugin . and we can combine that with facebox to give a nice facebook alert.
Explanation:
On ASP world the session is maintain as long as there’s movement of user. if the user idle for a period of time n minutes then it will be recycled. this session timeout is set on your web.config tag session <session timeout =”10”/>
Solution 2:
There is a property that detect if ASP.Net Generates new session ID (which means the old one has been flushed) : Session.IsNewSession then add check if cookies of asp.netsessionid is there . so to make sure it’s already timeout. put this function on your BasePage and ashx.
Here is the ascx that i built on.
1: <script type="text/javascript" src="../includes/js/Idle.js"></script>
2: <link href="../css/facebox.css" rel="stylesheet" type="text/css" />
3: <script src="../includes/js/facebox.js" type="text/javascript"></script>
4:
5: <script type="text/javascript">
6: function MySession() {
7: this.SessionTimeOut = 0,
8: this.RedirectTimeOutId=0,
9: this.IdleTimeOutId=0,
10: this.IsAlertShown=false
11: }
12: var session = new MySession();
13: session.SessionTimeOut = <%= SessionTimeOut %>;
14: setIdleTimeout(<%= TimeBeforeEndToPopUp %>);
15:
16: document.onIdle = function() {
17: if(!session.IsAlertShown)
18: jQuery.facebox('Your Session Is About to Expired');
19: if(session.RedirectTimeOutId==0)
20: session.RedirectTimeOutId= setTimeout(RedirectToLogin,3*60*1000);
21: }
22: function RedirectToLogin()
23: {
24: window.location='<%= RelativeLink.BuildAbsolute("logout") %>';
25: }
26: document.onBack = function(isIdle, isAway) {
27: if(isIdle){
28: clearTimeout(RedirectTimeOutId);
29: jQuery(document).trigger('close.facebox');
30: }
31: }
32: $(document).bind('reveal.facebox', function() {
33: session.IsAlertShown=true;
34: });
35: $(document).bind('close.facebox', function() {
36: session.IsAlertShown=false;
37: });
38: </script>
Code Behind File
1: protected void Page_Load(object sender, EventArgs e)
2: {
3: SessionTimeOut = Session.Timeout*60*1000;
4: //2 minutes before it ends
5: TimeBeforeEndToPopUp = SessionTimeOut - (2*60*1000);
6: }
7:
8: protected int SessionTimeOut { get; set; }
9:
10: protected int TimeBeforeEndToPopUp { get; set; }
So before 2 minutes session timeout it will show popup:
after 2 minutes it will redirect to Logout.
Lastly you should put the session timeout checker on your base page, ashx or you could built your httpmodule for this function.
1: private void CheckSessionExpired()
2: {
3: if (Context.Session != null)
4: {
5: //Tested and the IsNewSession is more advanced then simply checking if
6: // a cookie is present, it does take into account a session timeout, because
7: // I tested a timeout and it did show as a new session
8: if (Session.IsNewSession)
9: {
10: // If it says it is a new session, but an existing cookie exists, then it must
11: // have timed out (can't use the cookie collection because even on first
12: // request it already contains the cookie (request and response
13: // seem to share the collection)
14: string szCookieHeader = Request.Headers["Cookie"];
15: if ((null != szCookieHeader) && (szCookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
16: {
17: Response.Redirect(RelativeLink.BuildAbsolute("logout"));
18: Response.End();
19: }
20: }
21: }
22:
23: }
*this comes from this Article
That’s it Enjoy