rcmb
asked on
Alert user before session timeout
I need some help displaying an alert to the user of their session expiration. If the click okay I need some type of server call that resets their session time but maintains their session variables.
Please help as this is very critical.
RCMB
Please help as this is very critical.
RCMB
Just a note...
If you have a requirement to actively time a user out after a certain period of inactivity, do NOT use alert() or confirm(). This will open a dialog box, and any JavaScript action to direct the user to the login/timed-out page will not work. You will need to use a pop-up (can be problematic if users have pop-ups blocked) or a <DIV> that appears at the appropriate time.
Using alert() or confirm() is fine if you don't have requirements to actively redirect users to login/timed-out pages and you are just providing a friendly reminder that their session is about to expire. From my experience, though, if the session duration is short enough that you need to notify users of an impending time-out, the underlying reason is based in security and carries a secondary requirement to redirect the user to a logon/timed-out page.
If you have a requirement to actively time a user out after a certain period of inactivity, do NOT use alert() or confirm(). This will open a dialog box, and any JavaScript action to direct the user to the login/timed-out page will not work. You will need to use a pop-up (can be problematic if users have pop-ups blocked) or a <DIV> that appears at the appropriate time.
Using alert() or confirm() is fine if you don't have requirements to actively redirect users to login/timed-out pages and you are just providing a friendly reminder that their session is about to expire. From my experience, though, if the session duration is short enough that you need to notify users of an impending time-out, the underlying reason is based in security and carries a secondary requirement to redirect the user to a logon/timed-out page.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
here is a simple AJAX implementation that will call another page in the background thus keeping the session open.
var keepSessionTimeout = 10 * 60 * 1000 //every 10 minutes to be safe
setTimeout("keepSession();
var req = null;
function keepSession()
{
var url = "anotherpage.html";
if ( window.XMLHttpRequest )
{
req = new XMLHttpRequest();
}
else if ( window.ActiveXObject )
{
req = new ActiveXObject("Microsoft.X
}
req.open("GET", url, true);
req.onreadystatechange = keepSessionCallback;
req.send(null);
setTimeout("keepSession();
}
function keepSessionCallback()
{
if (req.readyState == 4)
{
if (req.status == 200)
{
//the page request was a success
}
}
}
var keepSessionTimeout = 10 * 60 * 1000 //every 10 minutes to be safe
setTimeout("keepSession();
var req = null;
function keepSession()
{
var url = "anotherpage.html";
if ( window.XMLHttpRequest )
{
req = new XMLHttpRequest();
}
else if ( window.ActiveXObject )
{
req = new ActiveXObject("Microsoft.X
}
req.open("GET", url, true);
req.onreadystatechange = keepSessionCallback;
req.send(null);
setTimeout("keepSession();
}
function keepSessionCallback()
{
if (req.readyState == 4)
{
if (req.status == 200)
{
//the page request was a success
}
}
}
ASKER
maclema,
Do I need to have an actual page "anotherpage.html" or can it just be nothing?
If yes, does the page matter if it is html or asp?
How do I implement the code inside an existing page? Something like:
<script language="javascript">
<!--
your code....
//-->
</script>
-- or --
<script type='text/javascript' src='session_timer.js'></s
where session_time.js contains your code
RCMB
Do I need to have an actual page "anotherpage.html" or can it just be nothing?
If yes, does the page matter if it is html or asp?
How do I implement the code inside an existing page? Something like:
<script language="javascript">
<!--
your code....
//-->
</script>
-- or --
<script type='text/javascript' src='session_timer.js'></s
where session_time.js contains your code
RCMB
You would probably want the URL to point to an actual ASP page, as that would renew the session on the server. I don't know ASP architecture specifically, but in other web languages, the action of a user hitting an HTML page does not extend the session maintained on the server.
Either implementation would work. anotherpage.html needs to be a page that exists and yes it should be asp.
That should do the trick for you. I have a quiz page in jsp that I use that on to keep the session open since the quizes can take up to 2 hours to complete.
Another point I might bring up is that you may want to append a random number on the aend of the url so that internet explorer dosnt just cache the page.
eg.
anotherpage.asp?r=94809483
- Matt
That should do the trick for you. I have a quiz page in jsp that I use that on to keep the session open since the quizes can take up to 2 hours to complete.
Another point I might bring up is that you may want to append a random number on the aend of the url so that internet explorer dosnt just cache the page.
eg.
anotherpage.asp?r=94809483
- Matt
In terms of integrating the JavaScript with your page, I recommend using the external .js file. You don't want to have to maintain this in each of your web pages separately - say when somebody decides you need a 30 minute time-out with a warning at 29 minutes.
Instead of a random number, consider setting the Cache-Control header in the asp page (anotherpage.html) to "no-cache". This is the most effective way to prevent IE from caching the AJAX response.
no-cache works but I have noticed that IE still caches some pages with no-cache.
I know for jsp if you dont want IE to cache you have to use "no-store" instead of "no-cache". Not sure why but it makes a big difference. It may be the same in ASP.
I think the safest route would be to use no-cache and a random number.
- Matt
I know for jsp if you dont want IE to cache you have to use "no-store" instead of "no-cache". Not sure why but it makes a big difference. It may be the same in ASP.
I think the safest route would be to use no-cache and a random number.
- Matt
Interesting! I haven't seen a problem with .jsp and IE caching when using no-cache, but I'll keep the no-store suggestion in mind if I do run into it. Thanks!
ASKER
Cannot get the page to access. I am monitoring my sql server with Profiler and the db query from keepsession.asp is never being called. Any suggestions on what I am doing wrong?
here is the code I am using:
<script type="text/javascript" src="session_timer.js"></s
<!--
var keepSessionTimeout = 1 * 60 * 1000 //set to 1 minute for testing
setTimeout("keepSession();
var req = null;
function keepSession()
{
var url = "/keepsession.asp"; //this file contains a db query that returns nothing
if ( window.XMLHttpRequest )
{
req = new XMLHttpRequest();
}
else if ( window.ActiveXObject )
{
req = new ActiveXObject("Microsoft.X
}
req.open("GET", url, true);
req.onreadystatechange = keepSessionCallback;
req.send(null);
setTimeout("keepSession();
}
function keepSessionCallback()
{
if (req.readyState == 4)
{
if (req.status == 200)
{
//the page request was a success
}
}
}
//-->
here is the code I am using:
<script type="text/javascript" src="session_timer.js"></s
<!--
var keepSessionTimeout = 1 * 60 * 1000 //set to 1 minute for testing
setTimeout("keepSession();
var req = null;
function keepSession()
{
var url = "/keepsession.asp"; //this file contains a db query that returns nothing
if ( window.XMLHttpRequest )
{
req = new XMLHttpRequest();
}
else if ( window.ActiveXObject )
{
req = new ActiveXObject("Microsoft.X
}
req.open("GET", url, true);
req.onreadystatechange = keepSessionCallback;
req.send(null);
setTimeout("keepSession();
}
function keepSessionCallback()
{
if (req.readyState == 4)
{
if (req.status == 200)
{
//the page request was a success
}
}
}
//-->
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
sorry.. accidently pressed enter on submit button.
if id did work, try adding the "no-cache" and the random number to the end.
matt
if id did work, try adding the "no-cache" and the random number to the end.
matt
ASKER
Thanks for your help.
RCMB
RCMB
glad to see it worked for you :)
<script>
// Set timout little less than actual timeout so as to give user time to react.
Timeout = 15 * 60 * 1000; // Milli-Seconds (for 20 minute timeout - warning in 15 minutes)
setTimeout("AlertUser();",
function AlertUser()
{
var ans = confirm("Timeout in 5 minutes. Reset?");
if (ans)
{
var oImage = new Image;
oImage.src = "AnyImageName.gif?" + Math.random(); // Added random URL so that image is not cached.
}
}
</script>