CodeProject: The Defibrillator: Keeping ASP.NET Session Alive Ad Infinitum. Free source code and programming help

Sometimes you want to keep a session alive only as long as the user is on the site, or until they close their browser. You don't have security requirements in this situation that would make this a bad idea. You just want to keep the session timeout down, but let it persist as long as people are on your site (not just posting back to the server). I'm not kidding you when I tell you that I have figured out a way to do this with two lines of code.

Coming from a biomedical engineering background, I simply had to call this construct The Defibrillator :-) You'll soon see why.

Nuts and Bolts

The most elegant engineering solutions are the simplest ones. You break down a problem into its finest components, and then focus on applying your vast knowledge to each component in order to produce a unified solution.

There are only four concepts to this solution:

Knowledge of the Response.
Knowledge of the Refresh HTTP header attribute.
Session property access.
Plain old IFrame.

You will create a dummy WebForm called Defibrillator.aspx. You do nothing with this page other than add one line on the Page_Load in the code behind file:

private void Page_Load(object sender, System.EventArgs e)
{
    Response.AddHeader("Refresh", Convert.ToString((Session.Timeout*60)-10));
}

You just added the Refresh HTTP Header Attribute to the WebForm and gave it a value of your session timeout minus ten seconds. What does that mean? It means that ten seconds before the user's session is going to timeout, as long as they have a browser open, and they are on your page, this defibrillator page will deliver massive amounts of electrical current to your server, jolting the user's session back from the brink of death...which can also be described as automatically posting back to keep the session alive :-).

Great, you say...I don't want my site to post back visibly just to keep the session alive. You don't have to. This is where the second line of code comes in.

Go into your user control that is site persistent, such as the header, or footer user control. Now add this line of code into the front end WebForm markup language:

<IFRAME id=Defib src="/Defibrillator.aspx" 
     frameBorder=no width=0 height=0 runat="server"></IFRAME>

Now this invisible Defibrillator WebForm will just sit in the IFrame and post itself back to the server 10 seconds before the session times out, only if they are still on your site or a browser is open. Check out a View Source, you won't even see the Refresh attribute because it's hanging out in the invisible IFrame.

Please use this clever little trick with discretion and an understanding of your blade resources, or else I will have an army of network administrators ready to storm my fort :-)

Caveats

Browser Compatibility
It will work in any browser that interprets the Refresh HTTP header. In Netscape it has the effect of hitting 'Reload' at the specified time. I have read online that this refresh will exclude your page from search engine crawling... which is fine since you put this functional tag on a dummy page in an IFrame, that you don't want anyone browsing to anyway.
Out of our control: precision of ASP.NET timeout on server.
I've found that the session timeout itself in ASP.NET is not entirely accurate, especially when you are in a debug process. While I haven't had the Defibrillator fail for Session.Timeout - 10 seconds, I tested for 2 days with Session.Timeout - 5 seconds and it failed at around 36.5 hours of inactivity, because the ASP.NET session timed out before it was supposed to on the server. You may want to keep this in mind and perform your own little test. You could even fire up different browsers and let them rip, logging a time of failure and the browser type from the Request in your DB. So far so good on my app, no problems with the way I presented the solution here on Netscape or IE 6. (RE: Joe).

Extension

Write a combination of code in the defibrillator that works on a JavaScript timer, prompting the user to refresh session, and replace the Refresh HTTP header attribute with this construct. Since it is site persistent, put as much JavaScript into your .js files as possible. (RE: Fredrik)

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Thomas Kurek

Member

Broad engineering background, Virginia Tech Alum. Attracted to .NET by the sheer power of the framework and elegance of c#. Work includes analytical system to calculate joint torque during balance recovery to recommend physical therapy routines and correct bad biomechanics (preventative medicine). Assimilated force plate and 3D kinematic data for modeling. First and sole developer ever to fully automate corporate housing quotes, which I built into a larger engine that serves the company's entire enterprise.

Experience with applications architecture, DB design and UML 2.0. Experience with a broad range of applied mathematics, FEM software coding, solid and fluid mechanics. Great knowledge of healthcare and physiology with degree in Mechanical/Electrical/Materials Engineering Theory (Engineering Science and Mechanics) and concentration in biomechanics.

Currently expanding my corporate housing business engine by day. By night I am expanding my software engineering design and construction knowledge, staying in touch with the direction of healthcare management systems, and moving music business technology forward. Microsoft is now working on blowing iTunes out of the water, but my business is making an even bigger revolution that is far beyond just music retail. It strikes at the heart of the music industry's issues, and perhaps we will consider partnering with Microsoft to feed their music retail goals while they feed our music licensing, publishing, and digital decentralization of distribution.

I am the Enterprise Architect at my company and maintain a small but powerful and effective team. I have personally customized CxOne from construx (www.construx.com) for this team. Long live Steve McConnell.

Occupation:	Web Developer
Location:	United States

Other popular Session State articles:

A Session Data Management Tool
Introducing a .NET web service to manage session data for multiple applications
The Defibrillator: Keeping ASP.NET Session Alive Ad Infinitum
With only two lines of code (no joking) keep your session alive as long as the user stays on your site.
Prevent Session Timeout in ASP.NET
Simple code to prevent a sesison from timing out while a user enters data or edits HTML etc.
AH, Ah, ah, ah…Staying Alive…Staying Alive
Sometimes you want your web page to 'stay alive'. That is, if a user is filling out a complicated form, you do not want the session to time out before they are finished. The user could get very angry and rightfully so: You might even get yelled at! It's not simply a matter of increasing the session
Offering a better (ODP Compliant) ASP.NET Session object
This article discusses the problems and the available solutions for maintenance and utilization of ASP.NET session state of the .NET session object.

Article Top

You must Sign In to use this message board.

FAQ
Noise Tolerance Layout Per page

Msgs 1 to 25 of 69 (Total in Forum: 69) (Refresh)

FirstPrevNext

will it work if browser is minimized?

Pete Levine

13:28 27 Aug '09

hi, very cool. by the time i finish writing this i should know the answer myself. but i'll ask for others: will this work if the browser is minimized?
Sign In·View Thread·PermaLink

Re: will it work if browser is minimized?

Pete Levine

11:39 31 Aug '09

This didn't work for me when my browser was minimized. But this did: http://aspalliance.com/1621_Implementing_a_Session_Timeout_Page_in_ASPNET.1
Sign In·View Thread·PermaLink

Re: Results I have had

Daffy913

3:39 27 Aug '09

I have implemented this on 2 of the projects I am working on. I did find that 10 seconds insufficent timing to allow the page to refresh the session before the session time out happens for the one project I picked a number off the top of my head I choose 45 seconds and it works great. I could probably reduce it a little maybe down to 30 seconds. I don't have too much time to spare on the project. So, since it worked I am going with it and incidently I was testing with a timeout sent to 5 mins. We usually have it set to 20 min. and if a few cases I have seen it has been set to 600 min. a crazy high number just to avoid the timeout issue. I think this solution works much better though.

Session in asp.net(C#)

kva888

3:03 26 Aug '09

I have to keep some data of the user after his login and until he logout,throughout his session,can we do this with the help of session.Am new to asp.net,so any one can help me as soon as possible..please
Sign In·View Thread·PermaLink	2.00/5 (1 vote)

works when use sqlserver as backend.

jimmimohanan

0:32 8 Jun '09

Whether this idea has any relation with database. Because when i am using sql server as backend it is working fine but with oracle it is not.
Sign In·View Thread·PermaLink

Awesome

tumitaa

7:18 28 Nov '08

Nice idea man....it solved my problem!!
Sign In·View Thread·PermaLink

class library? possible

dsmportal

4:07 14 Nov '08

instead of placing the iframe in user control how about if you have the same code in a class library and have ref in your web project? make sense and possible ?
Sign In·View Thread·PermaLink

how about the db connection?

dsmportal

4:06 14 Nov '08

how about the db connection?
Sign In·View Thread·PermaLink

urgent question about this way of keeping session alive

ladypins

9:05 23 Jul '08

i am so tempted to implement this solution to keep the user session alive...they do NOT like walking away and losing their data.....
but...is this advisable for a web app that will be used INTENSIVELY for a period of ~ a month and simultaneously by thousands of staff members? (september is crunch time for submissions)
esentially all users wait last minute and they will be using the app during the same time window...
does my concern it make sense?
thanks!

Re: urgent question about this way of keeping session alive

Thomas Kurek

10:04 23 Jul '08

Hi Ladypins, your concerns are valid. I'm sure by now there are more clever ways to make this happen, but before you implement this, I'd consider design first. Long ago, when I did this, my users truly could not store any data in cookies, and I had a State Server running so session state was fairly fast. These choices were satisfactory for my needs of the project at that time.

Consider what data you need to persist, and how it can be done, remember, you have: Application, Session State, View State, Control State, URLs, Cookies, Hidden Fields, RDBMS, Service Layer, etc. Search for MSDN State Persistence for more guidance. A good design will take you farther than thousands of hours of tinkering, trust me. In the case that you do actually need stress testing, check out Microsoft Visual Studio for Software Testers. It will give you an integrated suite of testing tools whereby you may simulate your anticipated operational load for your organization. Good luck, good thinking, and best wishes to you on your project! Please let me know what you decide to do to satisfy your state persistence requirements if you have the time.

Achieve by taking great pride in everything you're charged with, be successful by having the initiative to charge yourself, and realize that talent is comprised of aptitude, hard work, and spirit. Hone in on your aptitudes and dedicate your spirit to reach your full potential.

Re: urgent question about this way of keeping session alive

ladypins

5:25 26 Jul '08

thanks T. for logging in to the CP site and replying to my post. i was starting to wonder if anyone read it... esentially my users enter a bunch of text into various texboxes and textareas.... i wish they would just click on the Save button before walking away....is that too much to ask of them?!! jeeezzz... LOL
Sign In·View Thread·PermaLink

7:48 9 Jul '08

23:15 8 Jul '08

This tips is very cool and helpful. Thanks a lot ... Eins
Sign In·View Thread·PermaLink

Re: Cool tips

Thomas Kurek

10:05 23 Jul '08

It's my pleasure Eins! Achieve by taking great pride in everything you're charged with, be successful by having the initiative to charge yourself, and realize that talent is comprised of aptitude, hard work, and spirit. Hone in on your aptitudes and dedicate your spirit to reach your full potential.
Sign In·View Thread·PermaLink

Maybe you would also like to check out

swedishspeeder

8:06 2 Sep '07

what I replied in this thread: http://forums.asp.net/p/1153421/1888917.aspx#1888917[^] Cheers! /Eskil www.pixer.se
Sign In·View Thread·PermaLink	5.00/5 (1 vote)

Thanks, I really needed this solution.

Buddy Stein

5:17 1 Sep '07

Thanks, I really needed this solution. I have to keep hundreds of mobile devices from dropping a session and this is the simplest solution I've seen. Note, this method, keeps an extra session alive. The main page session ID remains the same, however, the iFrame will have it's own session ID that times out and renews. Very good. Buddy S
Sign In·View Thread·PermaLink

Re: Thanks, I really needed this solution.

Thomas Kurek

6:23 1 Sep '07

It's my pleasure friend, glad it could help you out! Let me know if you discover any other interesting implementations Achieve by taking great pride in everything you're charged with, be successful by having the initiative to charge yourself, and realize that talent is comprised of aptitude, hard work, and spirit. Hone in on your aptitudes and dedicate your spirit to reach your full potential.
Sign In·View Thread·PermaLink

Simple and Worthy.

Thiagarajan Rajendran

9:59 10 Aug '07

Hi, Your article is very simple and worthy. Keep helping others Thanks! Rajendran Thiagarajan.
Sign In·View Thread·PermaLink

Time Out Issue

coolnaveen1234

22:35 15 Jul '07

Hi,

I check the followig condition in my Master Page.

If Session("UserId") = "" Then
response.redirect("Login.aspx")
End If

I've set the session time out to 240 minutes in global.asa file and also web.confic and it works fine in development.

When the application is deployed in IIs 6.0, the application times out after 20 minutes and the is redirected to Login.aspx...

Please suggest me what to do..

Naveen

2.00/5 (1 vote)

Re: Time Out Issue

peter gabris

8:32 12 Nov '07

did you checked your machine.config?
Sign In·View Thread·PermaLink	1.00/5 (1 vote)

Does this work with Master Pages?

zoetosis

23:57 22 May '07

Hi,

This seems to be just the sort of thing I'm after but I don't think it's working properly for me.
I've only got a few months ASP.NET under my belt so many of these concepts are new to me coming as I do from a VB6 background.

I don't have a persistent user control but all the pages in my site use a single master page.
My application stores the userid in session state and it is used in most database updates

I tried putting the Iframe in the body of the master page and left the app running until after the session would have timed out. When I clicked on the button I was returned to my login page and having entered the userid and pwd the update failed as it didn't have the user id anymore.

Can you suggest where I went wrong?

Thanks

Neil

Re: Does this work with Master Pages?

Thomas Kurek

6:14 23 May '07

Hey Neil,

Glad to help out. Check your HTML output by right clicking on the page and doing 'view source'. You might have to give your iframe page some visual elements so you can right click on it in the browser to view source. Inspect the header and see what made it in there. That will tell you if the response was formed as you intended.

Make sure your iframe page is running on the same web as the master page. Make sure your clients have cookies enabled. Still at a dead end? review your authentication code to see what is going on there may be something in your code that is disposing the session variable you expect to be there and redirecting to authenticate again.

Next, go to amazon.com and buy the MCPD: Web Developer set of 3 books from Microsoft Press for the MCPD certification. If you're new to .NET, those are the most efficient resources to learn all the fundamentals for the cheapest price. I did the same thing back in 2001 coming to .NET from Perl, C, and fortran, but it wasn't until I got the MCSD training books for .NET 1.1 that I felt in complete control of the framework.

For ASP.NET focus on the internals - how it works, what happens when you get an HttpRequest, through to the HttpResponse. What is Global.asax? What does it do? How can you manipulate the pipeline with HttpModules? These are great things for a winform developer to master first, which will save a lot of frustration about the differences between win/web apps in .NET.

Cheers,
Tommy

Re: Does this work with Master Pages?

zoetosis

8:48 3 Jul '07

Hi Thomas,

Thanks for the reply, I'd forgotten that I still had an issue with this so here goes.

I did a view source on the page (that uses a master page) and the source for the iframe was:

<iframe id="ctl00_Defib" src="/Defibrillator.aspx" frameborder="0" width="0" height="0">
</iframe>

I'm not sure what you meant by "Inspect the header and see what made it in there" as the iframe had to be placed in the body not the head.

All my pages, once the user has logged in use the same master page.
All pages are running on the same web as I'm still developing on a single machine at present.

What should I look at in respect of authentication code? The user has to log in and from there on the menu uses the user's roles to identify what should be displayed so I'm assuming that the authentication is OK, is that a false assumption?

I'll certainly look into buying the books you recommend when I have some spare cash.

Thanks

Neil

What will happen if my page is processing some database operation?

JoshiMahesh

20:44 8 Mar '07

Hello, If I implemented this in my master page footer and the page which is inheriting this master page on which I am doing some long database process. In this case what will happen? Does my process will get affected in any way? or something else? Please guide me on this issue. Thanks & regards, Mahesh RishabhMahesh
Sign In·View Thread·PermaLink

Re: What will happen if my page is processing some database operation?

Pete O'Hanlon

2:33 12 Apr '07

Nothing should happen to the database access because you are firing the refresh from an IFRAME and not your main page. Bear in mind that the IFRAME will have it's own page associated with it. Deja View - the feeling that you've seen this post before.
Sign In·View Thread·PermaLink

Last Visit: 12:29 8 Nov '09 Last Update: 12:29 8 Nov '09

12 3 Next »

General News Question Answer Joke Rant Admin

PermaLink | Privacy | Terms of Use
Last Updated: 31 May 2005
Editor: Smitha Vijayan