• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 362
  • Last Modified:

On session timeout-= i need redirect immediately.. how?

I am designing a survey application for a relatively large company, and i've come across one problem that's really bugging me.  Say a user starts taking a survey, then gets up and walks away.  If he does no activity for 20 minutes, he times out.  When this happens I want him to be redirected to the login page.  Without clicking anything else.  He should be redirected immediately.  Session_onEnd is no good... i need a different way.  How?  Javascript?
0
chopper99
Asked:
chopper99
  • 6
  • 5
  • 4
  • +6
1 Solution
 
prokniCommented:
I normally handle it in this way,
In on_session_start or on the first page say
session("timeout")=1
on each page added this file

if Isempty(session) then
   response.redirect "logon.asp"
end if

In this way if time out happens you lost your session vatiable and you can detect it in the beginning of the page.
I guess, there are more efficent way to do that, but this is really simple and easy to use.

Paymon
0
 
dredgeCommented:
prokni:

have you ever tried that? it will not work, because if you lose your session, the first time you go back to that website, you'll get a new session. therefore, session() will always have value.


chopper99:

use cookies.

store a cookie like this, whenever they hit your page in:

<%
Response.Cookies("SessionID")=Session.SessionID
Response.Cookies("SessionID").Expires=DateAdd("n",20,now())
%>


by using the DateAdd function, you can set the cookie to expire in 20 minutes.

but before that happens, you need to check to see if the cookie has already expired. if it has, redirect.

so, your final code will look like this:

<%
If Request.Cookies("SessionID")<>"" Then
  Response.Cookies("SessionID")=Session.SessionID
  Response.Cookies("SessionID").Expires=DateAdd("n",20,now())
Else
  Response.Redirect("/login/")
  Response.End
End If
%>
0
 
thunderchickenCommented:
Try adding it to your session_on_end event
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
prokniCommented:
Actually i tried it and it works on my system,
I use it in security stuff on my end, when user login I get the userid and put it in one session, this is the code

session("employeeno") = employeeno

on top of each page I have this ocde to make sure session is not expired

if session("employeeno") = "" then
      response.redirect "Security.asp"
end if

If the session is expired then I redirect them to securoity.asp to ask the username and password again.
It works, When the session time out happens , it destry my session variable employeeno then
"if session("employeeno") = "" then"
 returns true.

Paymon
0
 
dredgeCommented:
thunder:

if you read the whole question, you'll see "Session_onEnd is no good" which is very true because session_onend doesn't work. http://www.aspfaq.com/faq/faqShow.asp?fid=66
0
 
dredgeCommented:
prokni:

the code you just posted is VERY different from what you posted previously.

this new code will work, yes. because is is specifically looking for the Session("employeeno"). your previous comments were looking at the entire Session object "Isempty(Session)" which will ALWAYS return False because the Session object is NEVER empty - it always has Session.SessionID, as well as other values stored in it.
0
 
prokniCommented:
Sorry it was typo,
you are right, but anyway it works.
0
 
John844Commented:
I would place a meta refresh tag on the page. set the wait value to 20 minutes and specify the page you want them to be redirected to.

<META http-equiv="REFRESH" content="60; url=login.asp">

the 60 is the number of seconds to wait.
600 = 10 minutes
1200 = 20 minutes

for a 20 minute wait with a redirect to login.asp if no action takes place try:
<META http-equiv="REFRESH" content="1200; url=login.asp">
0
 
dredgeCommented:
john844:

interesting idea, but that won't work if the user goes outside of your website for the 20 minutes...



chopper99:

i would use Prokni's second post - this is a good way of doing this.
0
 
prokniCommented:
I liked john844 idea as well, but the nice think about checking session variables in the beginning of the page is we can redirect user to another page that says
"your session has been expired"
and then have a lin k to logon page.
In this way, user knows what is going on!
0
 
John844Commented:
this method of using the refresh would only work for the situation described in <<Say a user starts taking a survey, then gets up and walks away.>>

You could also use a combination of the refresh and checking session variables.  to cover both directions.  If a user left the page and went to lunch, when they returned, the login page would be showing.  If the user went to another site for 25 minutes and then returned.  They would be redirected to the login page.

John
0
 
John844Commented:
to accomplish the session variable checking:

add code in the login page to set a session variable like session("Login") = userName

At the top of each other page add
If session("Login") = "" then
    'user not logged in,  either timed out or never loged in(clicked a link to this page)
    response.redirect "Login.asp?Message=" server.urlencode("Session timed out.  Please log back in")
end if

on the login page you can add code to pull the value of Message to show the specific error message to the user on why they are now looking at the login page when they asked to see the survey page.

John
0
 
John844Commented:
Prokni described the session variable usage before my last post, Sorry.  Typing instead of reading.;-)
0
 
brunoCommented:
>>Say a user starts taking a survey, then gets up and walks away.  If he does
no activity for 20 minutes, he times out.  When this happens I want him to be redirected to the login
page.  Without clicking anything else.




You can not do this.  The session expires on the server, the page has already been cached on the client machine.  Without the user clicking anything, or refreshing the page, or hitting submit, you can not redirect based on a session timeout.  The META tag refresh at 20 minutes would be a viable sounding alternative if the user just leaves the page open for 20 minutes.  

It was stated that the META refresh won't work if the user goes outside the website for the 20 minutes.  TRUE, but then you can do session checking to see if the session is still active, and you don't have to worry about it as much, cause you can check on the top of each page when the user enters your site again.

But the answer to your original post is, it can't be done.

BRUNO
0
 
John844Commented:
this can be done as we described Bruno.  the code would need to be changed a little to make it more dynamic if session timeouts change like changing the refresh time to something dynamic like session.timeout * 60 .

adding the code to test session values at the top of pages would take care of the person surfing outside site, but only when they came back to our site.  If the user never came back to our site, we could not force them to the login screen.

John
0
 
brunoCommented:
John,

as you described how?  I fail to see how the redirect can be done when the session times out without the user clicking on something.

BRUNO
0
 
hongjunCommented:
>> without the user clicking on something.
Exactly you need to click on something like the refresh button.

hongjun
0
 
ZhongYuCommented:
Hi guys,


What you are talking about (redirecting the user to another page AFTER he has left the site) is impossible.

HTTP communication must begins by client initiation a request, and server response back. When the browser leasve the site, it will not request to the site anymore. The server cannot initiate a request.  


You might try some dirty method by opening a new hidden window with the script that load the login page to its opener.
0
 
John844Commented:
bruno,
<<as you described how?  I fail to see how the redirect can be done when the session times out without
the user clicking on something.>>
meta refresh will redirect the user to the url specified after a period of time specified.  The time can be specified to equal the session time out.  If user watches page for 20 minutes, it will redirect them to the login page.
0
 
brunoCommented:
john,

I understand that, and if you read my earlier comments, I agreed I liked the META refresh, (((The META tag refresh at 20 minutes would be a viable sounding
alternative if the user just leaves the page open for 20 minutes.))) but the META refresh doesn't have a THING to do with the session timing out.  

There is NO WAY to accomplish what this user wants to do.


BRUNO
0
 
brunoCommented:
chopper,

have any of these comments helped you at all?

BRUNO
0
 
chopper99Author Commented:
Bruno-
Your comments have been pretty much useless.  Instead of being whiny and retarded saying "you can't do it" maybe propose an alternate solution that kinda works.  Like John did.

Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0

If (Session("Authenticated") <> Session.SessionID) Then
     Session("RequestedURL") = "http://" & _
         Request.ServerVariables("SERVER_NAME") & _
          Request.ServerVariables("SCRIPT_NAME")

     Temp = Request.ServerVariables("QUERY_STRING")
     If (Not(ISNull(Temp)) AND Temp <> "") Then
          Session("RequestedURL") = Session("RequestedURL") & _
              "?" & Temp
     End If
     Response.Redirect("/login.asp")
End If

seems to work pretty well.  Got that off 4guysfromrolla.  Thanks a ton to everyone who was helpful.  You were all helpful.  Except BRUNO who was all in all pretty useless.

Thanks again, I think that's pretty much it.  One thing I was surprised at was the lack of javascript.  Anyways...

Ted
0
 
brunoCommented:
Ted,

Keep up the mature attitude and you'll get tons of help from this site.

You asked a question, I responded with an answer.  A CORRECT answer for your question, I might add.  

If you were paying any attention, I stated that I LIKED John's alternative but wanted to point out that it wouldn't do exactly as you wanted it to.

I hope you either lose the attitude or get off the site, we don't need user's such as yourself around here.

BRUNO
0
 
chopper99Author Commented:
Thanks for pretending to be my dad, bruno.  Feel free to bite my nuts.  I think I'll leave because you told me to.  Oh wait, no.  Feel free to never read another question of mine around here.

Ted
0
 
ComTechCommented:
Okay people, that is quite enough.  I have already raised my children, and if they EVER made comments such as I have seen here, I would have sent them to their rooms.

This is a Professional site, bad, rude, and inflamitory remarks will not be tolerated here.  Not by the User or the Experts.  If you wish to still be here, I  suggest you clean up your acts.

Each and everyone of you SHOULD have read the rules and regulations when you signed up, both User and Experts.

all non Topic related comments will be removed after Admin sees this.

ComTech
Community Support
0
 
ComTechCommented:
chopper99, if your intention is to continue here at E-E, it is of my opinion you aploigize to brunobear, as he did nothing but try to help.

Admin has been notified of this siutation.

ComTech
Community Support
Moderator
0
 
ComTechCommented:
Goodbye  :-)

ComTech
0
 
ComTechCommented:
This question has been edited by ComTech, non relitive remarks were removed as was foul language.  And I altered chopper99's last remark.

Thanks all,
ComTech
Community Support
Moderator
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 6
  • 5
  • 4
  • +6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now