Session is Expired when the user is also active...

Question

0.00/5 (No votes)

See more:

Dear Experts,

I am Doing an Asp.net project. In that Project am using Session having 1 min to time out..

My Problem is , the Session is expired while the user is also Active.....

Here is the below code in my web.config file....

XML

<sessionState mode="InProc" cookieless="true" timeout="1"></sessionState>
      
      <authentication mode="Forms">       
        <forms name="login" defaultUrl="~/default.aspx" loginUrl="~/default.aspx" 
               slidingExpiration="true" timeout="1" protection="All" path="/"></forms>
      </authentication>

PLease help me.. why it is happen..?

NB: Here i mentioned the user is active... means... the user is not create any postback.. just typing some text in the form only......

Thanks and regards,

Dileep..

Posted 11-Apr-13 3:41am

dilzz

Updated 11-Apr-13 6:21am

v4

Add a Solution

Comments

CHill60 11-Apr-13 11:26am

Are you sure the session is timing out - you have timeout="1" in authentication too

dilzz 11-Apr-13 12:09pm

In Authentication i have used " DateTime.Now.AddMinutes(50)" and am sure the session is expired... i have add some other code in masterpage.. here it is...

protected override void OnPreRender(EventArgs e)
{
base.OnPreRender(e);
this.CPH_Head.Controls.Add(new LiteralControl(
String.Format("<meta http-equiv='refresh' content='{0};url={1}'>",
SessionTimeOutWithin * 60, PageToSentAfterSessionTimeOut)));
}

//This the page to be refresh after sessioin timeout
public string PageToSentAfterSessionTimeOut
{
get { return "../../SessionExpired.aspx"; }
}

//This takes the Session.Timeout from the webconfig or from where the Session.Timeout is being set
public int SessionTimeOutWithin
{
get { return Session.Timeout; }
}

when the session expired it will be automatically go to the "SessionExpired.aspx" page...

I have used the session state mode="InProc"... is that fine..??

Here i mentioned the user is active... means... the user is not create any postback.. just typing some text in the form only.......

Thanks....

ZurdoDev 11-Apr-13 12:27pm

What's your question? The user is not active. I explained this earlier. The web is disconnected. The session is maintained on your server but your server has no clue the user is typing at the moment because it is disconnected. So, you have to write code to call a dummy webservice (just something so that the server is contacted) and call that webservice anytime you want client action to keep session alive.

dilzz 11-Apr-13 12:33pm

sir,

I am new with this session, can u please give some examples that u mention the above..

Thanks

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

vijay__p · Answer 1 · 2013-04-11T18:26:00

You have set

C#

slidingExpiration=true

but you should know about its behaviour.

Sliding expiration resets the expiration time for a valid authentication cookie if a request is made and more than half of the timeout interval has elapsed. If the cookie expires, the user must re-authenticate. Setting the SlidingExpiration property to false can improve the security of an application by limiting the time for which an authentication cookie is valid, based on the configured timeout value.

Your timeout value will be decreased by half if slidingExpiration is set to true.

Check below links for more details
http://weblogs.asp.net/andreaszenker/archive/2009/07/10/slidingexpiration-notreally-timeout-notwhatithinkitis.aspx[^]

http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.slidingexpiration.aspx[^]