How to implement fake session time out in MVC 5 / C#

Question

0.00/5 (No votes)

See more:

Hi to all,

Good day!

I would like to ask on how to implement fake session timeout if 30 minutes passed without intervention from the user like mouse click or keyboard press. My existing application is always refreshing just to check the status flag from database table. Because of this, the regular session timeout is not working because of the constant refreshing of the page. Now, I would like to ignore the page refreshing or page reloading in every two seconds and execute the session timeout if no intervention coming from the mouse or keyboard. is it possible? If yes, what would be the best or sample code that I gonna do to execute the session timeout even the page is always reloading. Once the session timeout is executed, the page will be re-directed to log-in page.

Thank you very much.

Below is my sample code in webconfig

What I have tried:

<appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <add key="ActiveDirectoryDomainList" value="Domain_1;Domain_2" />
    <add key="IActiveDirectoryAdapter" value="ExternalSystems.ActiveDirectoryMockAdapter, ExternalSystems" />
    <add key="MemberFilter" value="Filter1,Filter2" />
    <add key="SessionTimeOut" value="30" />
    <add key="SqlCommandTimeOut" value="120" />


  </appSettings>

Below is my SecurityController.cs

[HttpPost]
		[ValidateAntiForgeryToken]
		public ActionResult LogIn(LogInModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            model.IPAddress = Request.UserHostAddress;

            model.SessionId = HttpContext.Session.SessionID;
            model = SecurityBL.LogInUser(model);

            if (model.ErrorList.Any())
            {
				ViewBag.Message = model.ErrorList.First().ErrorMessage;
                return View(model);
            }

            FormsAuthentication.SetAuthCookie(model.UserName, false);
			SessionManager.LastLogin = DateTime.Now.ToString();
			SessionManager.EmployeeGroup = model.EmployeeGroup;
			SessionManager.UserID = model.UserID;
			Session.Timeout = Convert.ToInt32(model.SessionTimeout);

			switch (model.EmployeeGroup)
			{
				case Constants.AccountingGroup:
					return RedirectToAction("UserDashBoard", "AccountDashBoard");
				case Constants.AdminGroup:
					return RedirectToAction("AdminDashBoard", "AccountDashBoard");
				default:
					break;
			}

			return RedirectToAction("LogIn", "Security", new { info = "Identity not valid!" });
		}

Posted 9-Jan-18 17:02pm

Silver Lightning

Updated 10-Jan-18 1:14am

Add a Solution

Comments

F-ES Sitecore 10-Jan-18 7:17am

So you have code to keep the session active, and you want code to implement a session timeout? Why don't you just stop using the code that keeps the session active?

Silver Lightning 11-Jan-18 0:34am

Hi Sir,
I would like to implement a timer that would not reset even the page is refreshing, the session timeout was set to 30 minutes. The only interruption that could reset the session time out is when the event is coming from the keyboard press and mouse click. I found the jquery.countdown.js but I don't know on how to implement the right code that the timer should not reset even the page is always refreshing. Thank you very much for your help in advance Sir.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

W∴ Balboos, *GHB* · Answer 1 · 2018-01-10T01:14:00

Solution 1

How about rethinking your logic? Keep an internal timer in your system for the dormant period. If it reaches a certain amount of time - the shut down your application and then let the existing timeout take care of the rest (albeit delayed by your process).

This is a clean method in that you don't rely on any potentially security-compromising code.

Potential flaw: you application is running, but not in use. Meanwhile, the user is actively working with the workstation. Do you let your application time itself out? For this, you may need to hook into the system, somewhat bringing you back full-circle.

So - combining these two ideas: you application stops it automatic refresh if otherwise dormant for some period of time - then, it will not shut down from inactivity if other applications in use; meanwhile, the system can shutdown from inactivity if noone's doing anything

Posted 10-Jan-18 1:14am

W∴ Balboos, GHB

Comments

Silver Lightning 10-Jan-18 21:47pm

Hi Sir,

Thank you for your help. Yes I'm thinking of an internal timer, but how could I ignore the system's refreshing in every two seconds. the timer will always be reset. How could I make the time to continue and will not reset for 30 minutes even the page is always reloading or refreshing?

W∴ Balboos, GHB 11-Jan-18 8:15am

As you describe, above, it's your application that's refreshing every two seconds. Just stop refreshing it at a certain point until it receives its own keyboard input. If no one's looking at it - what does it matter? When this is done, you can let the system's timeout/disconnect take its course.

Silver Lightning 11-Jan-18 19:22pm

Hi Sir, the page shouldn't be stopped because its getting an update from the database. what I'm trying to impose right now is to implement a jquery.countdown.js and put a timer inside. that timer would still continue even the page is refreshing. when the timer reached 30 minutes then the web application will re-directing to login page (session time out). Then, if the event is coming from the mouse or keyboard then that's the only time that my implemented timer will be reset. Do you think it's the right way to do to execute the session timeout? Any sample code on how could I implement the timer that will not reset even the page is refreshing? Thank you very much for your advised and helping my case here sir. :)

W∴ Balboos, GHB 12-Jan-18 6:30am

Why do you want to update an interface that no one is using? Furthermore, if you allow the normal timeout to occur it will shut down your application, anyway. I described what I'd do - the rest is up to you.