Click here to Skip to main content
15,311,717 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi to all,

Good day!

I would like to ask on how to implement fake session timeout if 30 minutes passed without intervention from the user like mouse click or keyboard press. My existing application is always refreshing just to check the status flag from database table. Because of this, the regular session timeout is not working because of the constant refreshing of the page. Now, I would like to ignore the page refreshing or page reloading in every two seconds and execute the session timeout if no intervention coming from the mouse or keyboard. is it possible? If yes, what would be the best or sample code that I gonna do to execute the session timeout even the page is always reloading. Once the session timeout is executed, the page will be re-directed to log-in page.

Thank you very much.

Below is my sample code in webconfig

What I have tried:

<appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <add key="ActiveDirectoryDomainList" value="Domain_1;Domain_2" />
    <add key="IActiveDirectoryAdapter" value="ExternalSystems.ActiveDirectoryMockAdapter, ExternalSystems" />
    <add key="MemberFilter" value="Filter1,Filter2" />
    <add key="SessionTimeOut" value="30" />
    <add key="SqlCommandTimeOut" value="120" />


  </appSettings>




Below is my SecurityController.cs

[HttpPost]
		[ValidateAntiForgeryToken]
		public ActionResult LogIn(LogInModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            model.IPAddress = Request.UserHostAddress;

            model.SessionId = HttpContext.Session.SessionID;
            model = SecurityBL.LogInUser(model);

            if (model.ErrorList.Any())
            {
				ViewBag.Message = model.ErrorList.First().ErrorMessage;
                return View(model);
            }

            FormsAuthentication.SetAuthCookie(model.UserName, false);
			SessionManager.LastLogin = DateTime.Now.ToString();
			SessionManager.EmployeeGroup = model.EmployeeGroup;
			SessionManager.UserID = model.UserID;
			Session.Timeout = Convert.ToInt32(model.SessionTimeout);

			switch (model.EmployeeGroup)
			{
				case Constants.AccountingGroup:
					return RedirectToAction("UserDashBoard", "AccountDashBoard");
				case Constants.AdminGroup:
					return RedirectToAction("AdminDashBoard", "AccountDashBoard");
				default:
					break;
			}

			return RedirectToAction("LogIn", "Security", new { info = "Identity not valid!" });
		}
Posted
Updated 10-Jan-18 1:14am
Comments
F-ES Sitecore 10-Jan-18 7:17am
   
So you have code to keep the session active, and you want code to implement a session timeout? Why don't you just stop using the code that keeps the session active?
Silver Lightning 11-Jan-18 0:34am
   
Hi Sir,
I would like to implement a timer that would not reset even the page is refreshing, the session timeout was set to 30 minutes. The only interruption that could reset the session time out is when the event is coming from the keyboard press and mouse click. I found the jquery.countdown.js but I don't know on how to implement the right code that the timer should not reset even the page is always refreshing. Thank you very much for your help in advance Sir.

1 solution

How about rethinking your logic? Keep an internal timer in your system for the dormant period. If it reaches a certain amount of time - the shut down your application and then let the existing timeout take care of the rest (albeit delayed by your process).

This is a clean method in that you don't rely on any potentially security-compromising code.

Potential flaw: you application is running, but not in use. Meanwhile, the user is actively working with the workstation. Do you let your application time itself out? For this, you may need to hook into the system, somewhat bringing you back full-circle.

So - combining these two ideas: you application stops it automatic refresh if otherwise dormant for some period of time - then, it will not shut down from inactivity if other applications in use; meanwhile, the system can shutdown from inactivity if noone's doing anything
   
Comments
Silver Lightning 10-Jan-18 21:47pm
   
Hi Sir,

Thank you for your help. Yes I'm thinking of an internal timer, but how could I ignore the system's refreshing in every two seconds. the timer will always be reset. How could I make the time to continue and will not reset for 30 minutes even the page is always reloading or refreshing?
W Balboos, GHB 11-Jan-18 8:15am
   
As you describe, above, it's your application that's refreshing every two seconds. Just stop refreshing it at a certain point until it receives its own keyboard input. If no one's looking at it - what does it matter? When this is done, you can let the system's timeout/disconnect take its course.
Silver Lightning 11-Jan-18 19:22pm
   
Hi Sir, the page shouldn't be stopped because its getting an update from the database. what I'm trying to impose right now is to implement a jquery.countdown.js and put a timer inside. that timer would still continue even the page is refreshing. when the timer reached 30 minutes then the web application will re-directing to login page (session time out). Then, if the event is coming from the mouse or keyboard then that's the only time that my implemented timer will be reset. Do you think it's the right way to do to execute the session timeout? Any sample code on how could I implement the timer that will not reset even the page is refreshing? Thank you very much for your advised and helping my case here sir. :)
W Balboos, GHB 12-Jan-18 6:30am
   
Why do you want to update an interface that no one is using? Furthermore, if you allow the normal timeout to occur it will shut down your application, anyway. I described what I'd do - the rest is up to you.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900