0

I want my web page to close when SessionState timeout occures. This is my code in my web config:

<system.web>
<sessionState timeout="1" mode="InProc"/>
</system.web>

I set to 1 minute for testing purposes. The following is my Global.asax code:

protected void Session_End(object sender, EventArgs e)
{
    Response.Redirect("~/LogOut.aspx");
}

I put a label on one of the pages in order to check the session timeout, this is the code in the Page_Load event:

lblSession.Text = "SESSION TIME: " + Session.Timeout.ToString();

When I enter the site and come to this page the label shows SESSION TIME: 1, but after 1 minute I don't get redirected to the LogOut page and the present page is still fully active and working, apparently meaning that the session has not been terminated. I am working in Visual Studio 2008 thru the development server so suggestions I've seen relating to IIS settings don't seem to be relevant at this stage. Please help!

Improve this question

3 Answers 3

Reset to default
3

HTTP is a request / response protocol. There is no persistent connection between the browser and the server. The code in Session_End thus effectively does nothing — it can't tell the browser to do anything.

You would need to make a (client-side) JavaScript timer and actively load the logout page right before the session timeout elapses.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

The code might even crash because Response is null at that point.
Could give me some help making a javaScript timer? Thank you.
I used an AJAX timer. In the page_Load I put the session timeout value in an int variable multiplying by 60000 to get the time out in miliseconds, then I set the interval property of the timer to the timeout minus 2000 miliseconds so that the timer fires a little before session timeout elapses. That fires the Timer_Tick event in which I redirect to the LogOut page. It works nicely. Thank you!
1

Session_End in my experience gets called on the first postback (could be implemented via a client-side Timer) after the timeout occurred - whenever that might be... if the user just closes the browser this event may never be called (except for the case you made a specific JS handler unload to do the postback in that situation).

For some information see:

Improve this answer

2 Comments

Thank you some of those links are helpful for me.
@DovMiller you are welcome :-) please don't forget to upvote/mark as accepted answer that are of help (see meta.stackexchange.com/questions/5234/…).
0

This doesn't seem to be the correct way of testing your session timeout. Try putting something in the session variables. Don't touch the page for another couple of minutes, and try reading it back from Session. If your session is alive, you should be able to see the variables, else... you won't.

Learn more about session and troubleshooting session... http://aspalliance.com/1182_Troubleshooting_Session_Related_Issues_in_ASPNET

Improve this answer

2 Comments

thank you, I saw your link it deals with session loss but my problem seems to be the opposite, that the session doesn't end when it's supposed to, the page continues to react as usual, buttons reacting and causing postbacks as usual etc.
@DovMiller, Ondrej has put it aptly. To explain it in simple terms, Session_End will not fire in the "browser" at all. It is an event that would happen at the server whenever the session ends. Since the client may or may not be connected during that time, there is no way AFAIK you can do Response.Redirect in this event. Hence, you won't see the browser react automatically. Did you get a chance to try the session variables approach that I suggested earlier?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.