Click here to Skip to main content
15,559,155 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I hope this is the right place for this question.
I need to logout a Win Form Application after there is no user activity for [300] seconds. I saw lots of solutions, including detecting Idle State, last Activity and this really sophisticated component here - Detecting Win Form Idle Time for doing logout as well as Detecting Application Idleness
In the second article though was a comment by Sara Kulu that showed a very very simple way to do the same thing. It's so simple that is concerns me. I tested it in a MDI application. It works great when there is/is not activity on the Form and ignores activity off of it. It's just too easy. Can anyone suggest any problems with it?

DateTime dtLastIdleTime = DateTime.Now;
protected override void WndProc(ref Message m)
    base.WndProc(ref m);
    dtLastIdleTime = DateTime.Now;

private void timer1_Tick(object sender, EventArgs e)
    appendToFile("\r\nTimer Says:" + DateTime.Now.ToLocalTime() + "..." + dtLastIdleTime.ToLocalTime() + "...");

What I have tried:

I tried this and it worked wonderfully. If anyone can tell me a problem with it, I'll have to try one of the other more complicated methods... How's that?
Updated 14-Sep-16 6:54am

1 solution

WndProc is not just called when your user does something - it's called whenever anything happens in Windows that might affect your application. For example, if you move a different app so your app's is shown - even in part - then WndProc will be called to repaint your display. Heck, if the mouse crosses the application WndProc will be called!

It isn't a good "the user is using my app" indicator! You need to monitor for actual activity, not just "something happened in windows".
Share this answer
Michael Breeden 14-Sep-16 12:21pm    
Apparently I caused a misunderstanding. My objective is to log the person off the application if they are not using the computer - "user activity" - which appears to be a security issue - rather than if they are not using the application. If they are still using the computer, I expect it is the same person. My concern is if they walk away from the computer or forget it somewhere. If they are using it for something else other than my application, I am assuming they are still in possession of the machine. If the machine is not being used ... then I want the logoff.
Is there any other disadvantage to using this code?
OriginalGriff 14-Sep-16 12:31pm    
Well yes - if what they are doing with the computer doesn't affect your app (writing a letter say, or browsing the internet) then WndProc won't get anything. It only gets messages is something is affecting your app, remember?
If you are looking at this from a security POV, then you need to be looking at a more reliable means of detection - and that probably means you should be looking at Global Hooks into the Keyboard and Mouse. That's not impossible in C# - Google will find examples for you - but it's not trivial, and has to be handled correctly or you could crash the whole system.
Alternatively, create a screen saver that forces your app to log off when it's activated? Not secure, in that the user can disable the screen saver - but easier than Hooking to develop.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900