How to timeout session in 5 minutes in ASP.NET

Question

0.00/5 (No votes)

See more:

In Asp.net session timeout is based on sliding expiration
It means if I set sessionTimout to 5 minutes and user access session
after 3 minutes session will receed again to 5 minutes. Each time session
is acccessed it ressets time.

How to avoid above situtation and kill session straight in 5 mins irrespective
of how many times it is accessed in between.

What I have tried:

I tried to set timer after login in login page and OnTimeElaspsed
event I tried to kill session but session is not availble in that event
as page life cycle gets over by that time.

C#

System.Timers.Timer aTimer = new System.Timers.Timer(10000) { AutoReset = false };
aTimer.Elapsed += new ElapsedEventHandler(OnTimedEvent);
aTimer.Enabled = true;

private static void OnTimedEvent(object source, ElapsedEventArgs e)
{
	HttpContext.Current.Session.Abandon();
}

Posted 9-Mar-17 20:25pm

TinTinTiTin

Updated 9-Mar-17 22:47pm

Graeme_Grant

v2

Add a Solution

2 solutions

Solution 1

Google Search has many great answers for you: setting asp.net session timeout - Google Search[^]

Like this one: Session timeout in ASP.NET - Stack Overflow[^]

[edit] So you want the user to sign in and only have a fixed period of time before the session is closed. Not time out due to inactivity after a period of time (what you call sliding window).

Timer is not the solution.

What if you had a successful website with thousands of active users? (eg: CodeProject has over 30,000 active users at the time I am writing this). The first thing that comes to mind is that you will run out of memory very quickly.

I would set a timeout on a cached Session value. Session states scale dependent on the strategy that you use, so you can avoid memory exceptions.

Then you can:
1. on postback check for the existence of the value;
2. periodically from the page, do an Ajax check for the value.

If the value is gone, then the session has expired. Now you can let the user know their session is over.

Hope this helps...

Posted 9-Mar-17 20:45pm

Graeme_Grant

Updated 9-Mar-17 21:29pm

v2

Comments

TinTinTiTin 10-Mar-17 3:12am

Hi Graeme_Grant, You didn't got my question. I don't wan't sliding session timeout.
Link provided just show to to set timeout(default sliding).

Graeme_Grant 10-Mar-17 3:31am

Please check that the revised answer is what you are looking for. If not, please click on Improve question to add more info to the question.

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

F-ES Sitecore · Accepted Answer · 2017-03-09T22:47:00

Add these events to your global.asax file

void Session_Start(object sender, EventArgs e)
{
    Session["SessionExpiry"] = DateTime.Now.AddMinutes(5);
}

void Application_AcquireRequestState(object sender, EventArgs e)
{
    try
    {
        DateTime expiry = (DateTime)base.Context.Session["SessionExpiry"];

        if (expiry <= DateTime.Now)
        {
            Session.Abandon();

            // the abandoned session won't kick in until the next page request.
            // here I am redirecting back to the current page, but you may want to do something else
            // like redirect to a "Session Expired" page.
            Response.Redirect(Request.RawUrl);
            base.Context.ApplicationInstance.CompleteRequest();
        }
    }
    catch
    {
    }
}