Make session last forever

Gevorg

4.24/5 (42 votes)

Apr 28, 2006

CPOL

2 min read

180892

This article will show how to make the session last longer than 20 minutes of inactivity.

Introduction

You do not always have the luxury to bump up the session expiration period from 20 minutes on a server (most likely you are on a shared hosting). Plus it's a bad idea to unnecessarily consume the resources on a server. I have a simple solution that will take care of this problem.

Solution

The solution is simple. Let's create an ASPX page that will return a 1x1 transparent GIF image, and using JavaScript, refresh it every 15 minutes. Thus, the browser will renew the session every 15 minutes if the user is simply reading long text on a page or has walked away to get a cup of coffee. But if the browser is closed (or the user navigates away from our site), the session will expire after 20 minutes of inactivity. And we no longer consume the resources on the server.

Implementation

The implementation is rather simple, especially in the .NET environment.

Create a renewSes.aspx page
In the code-behind, add the following lines:

public class renewSes : System.Web.UI.Page
{
    static byte [] gif = {0x47,0x49,0x46,0x38,0x39,0x61,0x01,0x00,0x01,
                          0x00,0x91,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x21,0xf9,
                          0x04,0x09,0x00,0x00,0x00,0x00,0x2c,0x00,0x00,
                          0x00,0x00,0x01,0x00,0x01,0x00,0x00,0x08,0x04,
                          0x00,0x01,0x04,0x04,0x00,0x3b,0x00};

    override protected void OnInit(EventArgs e)
    {
        InitializeComponent();
        base.OnInit(e);
    }
    
    private void InitializeComponent()
    {    
        Response.AddHeader("ContentType", "image/gif");
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.BinaryWrite(gif);
        Response.End();
    }
}

This code will simply output a small 1x1 transparent GIF, which is in the array "gif", so we do not need to hit the file system for that. Plus, Cacheability is set to NoCache as we do not want the browser to hit the cache, but we want it to renew our session.

Create a user control that has the following HTML:

<script language="Javascript">
window.setInterval("renewSession();", 600000);
function renewSession()
{document.images("renewSession").src = "/renewSes.aspx?par=" + Math.random();}
</script>
<img src="/renewSes.aspx" name=renewSession id=renewSession>

The code simply hits /renewSes.aspx every 10 minutes, thus keeping your session alive. Plus, Math.random was added to avoid caching in the browser.

Dump it on every page somewhere. Or if you are using templates, then simply add it to your master page.
Done!!! You might want to move the JavaScript code to RegisterClientScriptBlock, but it's not necessary.

Conclusion

Obviously, this method will only work if JavaScript is on, but it's a majority, plus do not forget that it's only for rare cases when the user leaves your page open and walks away expecting you will keep him logged in forever. The server resources are minimal since sessions will continue to expire every 20 minutes when the user navigates away, and the only excessive traffic is the 48 bytes every ten minutes to keep the session alive.

Sample

If you want to see how it works, feel free to visit my E-Commerce Body jewelry site. Add something to the shopping cart and wait for 20 minutes or for a couple days. When you will be back, the cart is still going to be there.