a revamped timeout scenario [Answered]RSS

2 replies

Last post Feb 03, 2016 10:40 PM by rokosz

  • a revamped timeout scenario

    Jan 30, 2016 12:45 PM|rokosz|LINK

    Hi all,

    Summary: How does one check for an active session without re-setting the Session.timeout?

    classic asp iis6

    I'm revamping a session timeout scenario. Previously if the user timed out while viewing a page the page would remain on screen.  If they then clicked a link on that page which requires going to the server they'd be prompted to (re-)login for access.

    The revamp is to not leave the timed-out page visible, but direct the user to a "you're logged out" page as soon as the session times out.

    The problem seems to be that the very act of checking the session, re-sets the timeout of the session, via the following executed on the server: 

    <% if Trim(Session("ID"))="" then
         return false
    %>

    which is in a Sessioncheck.ASP called via:

    <script language=javascript>
    setInterval("StillinSession()",5000)
    function StillinSession()
    {
      var request=false;
         xmlhttp=new XMLHttpRequest();
         xmlhttp.onreadystatechange=function()
          {
           if (xmlhttp.readyState==4 && xmlhttp.status==200)  // is 200 really needed?         
              /* code removed for brevity in forum */
    /* sessioncheck.asp returned a dead session */ window.location="URLoggedOut.asp" } } xmlhttp.open("POST","SessionCheck.asp",true); // POST here not GET (most mca calls:GET xmlhttp.send(); }
    </script>

    so if the timeout is set to 20 minutes, and SessionCheck.asp is run every five seconds, the timer is set back to 20 minutes every five seconds because sessioncheck.asp refreshes the session each time it executes.

    An alternative:  logging users to a DB table doesn't work because their sessions are not fixed -- as long as they're active, the session must stay active.

    What am I missing? any ideas?  thanks

  • Re: a revamped timeout scenario

    Feb 01, 2016 04:20 AM|Jean Sun|LINK

    Hi,

    Every time you refresh or request a page, the  Session-Timeout will be reset. In your code you request the SessionCheck.asp page every 5 seconds, the Session-Timeout will be reset every 5 seconds too.

    You can find code sample about auto redirect to login page when Session is expired in the following link, please take it as reference.

    https://code.msdn.microsoft.com/Auto-redirect-to-login-e1782b2f

     

    Best Regards,

    Jean

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: a revamped timeout scenario

    Feb 03, 2016 10:40 PM|rokosz|LINK

    Thank you Jean Sun.  That was a good push down a path I'd started to ponder.  I bastardized it quite a bit for my "frame"work, but it is a great guide.

    btw, To anyone reading this and also downloading the source for use:  beware the function getCookieVal  has a javascript typo:  offset vs. offSet