Solved

On session timeout-= i need redirect immediately.. how?

Posted on 2001-08-21
32
346 Views
Last Modified: 2012-06-27
I am designing a survey application for a relatively large company, and i've come across one problem that's really bugging me.  Say a user starts taking a survey, then gets up and walks away.  If he does no activity for 20 minutes, he times out.  When this happens I want him to be redirected to the login page.  Without clicking anything else.  He should be redirected immediately.  Session_onEnd is no good... i need a different way.  How?  Javascript?
0
Comment
Question by:chopper99
  • 6
  • 5
  • 4
  • +6
32 Comments
 
LVL 2

Expert Comment

by:prokni
ID: 6410367
I normally handle it in this way,
In on_session_start or on the first page say
session("timeout")=1
on each page added this file

if Isempty(session) then
   response.redirect "logon.asp"
end if

In this way if time out happens you lost your session vatiable and you can detect it in the beginning of the page.
I guess, there are more efficent way to do that, but this is really simple and easy to use.

Paymon
0
 
LVL 5

Expert Comment

by:dredge
ID: 6410423
prokni:

have you ever tried that? it will not work, because if you lose your session, the first time you go back to that website, you'll get a new session. therefore, session() will always have value.


chopper99:

use cookies.

store a cookie like this, whenever they hit your page in:

<%
Response.Cookies("SessionID")=Session.SessionID
Response.Cookies("SessionID").Expires=DateAdd("n",20,now())
%>


by using the DateAdd function, you can set the cookie to expire in 20 minutes.

but before that happens, you need to check to see if the cookie has already expired. if it has, redirect.

so, your final code will look like this:

<%
If Request.Cookies("SessionID")<>"" Then
  Response.Cookies("SessionID")=Session.SessionID
  Response.Cookies("SessionID").Expires=DateAdd("n",20,now())
Else
  Response.Redirect("/login/")
  Response.End
End If
%>
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6410437
Try adding it to your session_on_end event
0
 
LVL 2

Expert Comment

by:prokni
ID: 6410455
Actually i tried it and it works on my system,
I use it in security stuff on my end, when user login I get the userid and put it in one session, this is the code

session("employeeno") = employeeno

on top of each page I have this ocde to make sure session is not expired

if session("employeeno") = "" then
      response.redirect "Security.asp"
end if

If the session is expired then I redirect them to securoity.asp to ask the username and password again.
It works, When the session time out happens , it destry my session variable employeeno then
"if session("employeeno") = "" then"
 returns true.

Paymon
0
 
LVL 5

Expert Comment

by:dredge
ID: 6410459
thunder:

if you read the whole question, you'll see "Session_onEnd is no good" which is very true because session_onend doesn't work. http://www.aspfaq.com/faq/faqShow.asp?fid=66
0
 
LVL 5

Expert Comment

by:dredge
ID: 6410467
prokni:

the code you just posted is VERY different from what you posted previously.

this new code will work, yes. because is is specifically looking for the Session("employeeno"). your previous comments were looking at the entire Session object "Isempty(Session)" which will ALWAYS return False because the Session object is NEVER empty - it always has Session.SessionID, as well as other values stored in it.
0
 
LVL 2

Expert Comment

by:prokni
ID: 6410476
Sorry it was typo,
you are right, but anyway it works.
0
 
LVL 7

Expert Comment

by:John844
ID: 6410689
I would place a meta refresh tag on the page. set the wait value to 20 minutes and specify the page you want them to be redirected to.

<META http-equiv="REFRESH" content="60; url=login.asp">

the 60 is the number of seconds to wait.
600 = 10 minutes
1200 = 20 minutes

for a 20 minute wait with a redirect to login.asp if no action takes place try:
<META http-equiv="REFRESH" content="1200; url=login.asp">
0
 
LVL 5

Expert Comment

by:dredge
ID: 6410747
john844:

interesting idea, but that won't work if the user goes outside of your website for the 20 minutes...



chopper99:

i would use Prokni's second post - this is a good way of doing this.
0
 
LVL 2

Expert Comment

by:prokni
ID: 6410756
I liked john844 idea as well, but the nice think about checking session variables in the beginning of the page is we can redirect user to another page that says
"your session has been expired"
and then have a lin k to logon page.
In this way, user knows what is going on!
0
 
LVL 7

Expert Comment

by:John844
ID: 6410778
this method of using the refresh would only work for the situation described in <<Say a user starts taking a survey, then gets up and walks away.>>

You could also use a combination of the refresh and checking session variables.  to cover both directions.  If a user left the page and went to lunch, when they returned, the login page would be showing.  If the user went to another site for 25 minutes and then returned.  They would be redirected to the login page.

John
0
 
LVL 7

Expert Comment

by:John844
ID: 6410789
to accomplish the session variable checking:

add code in the login page to set a session variable like session("Login") = userName

At the top of each other page add
If session("Login") = "" then
    'user not logged in,  either timed out or never loged in(clicked a link to this page)
    response.redirect "Login.asp?Message=" server.urlencode("Session timed out.  Please log back in")
end if

on the login page you can add code to pull the value of Message to show the specific error message to the user on why they are now looking at the login page when they asked to see the survey page.

John
0
 
LVL 7

Expert Comment

by:John844
ID: 6410811
Prokni described the session variable usage before my last post, Sorry.  Typing instead of reading.;-)
0
 
LVL 18

Expert Comment

by:bruno
ID: 6411112
>>Say a user starts taking a survey, then gets up and walks away.  If he does
no activity for 20 minutes, he times out.  When this happens I want him to be redirected to the login
page.  Without clicking anything else.




You can not do this.  The session expires on the server, the page has already been cached on the client machine.  Without the user clicking anything, or refreshing the page, or hitting submit, you can not redirect based on a session timeout.  The META tag refresh at 20 minutes would be a viable sounding alternative if the user just leaves the page open for 20 minutes.  

It was stated that the META refresh won't work if the user goes outside the website for the 20 minutes.  TRUE, but then you can do session checking to see if the session is still active, and you don't have to worry about it as much, cause you can check on the top of each page when the user enters your site again.

But the answer to your original post is, it can't be done.

BRUNO
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 7

Accepted Solution

by:
John844 earned 200 total points
ID: 6411185
this can be done as we described Bruno.  the code would need to be changed a little to make it more dynamic if session timeouts change like changing the refresh time to something dynamic like session.timeout * 60 .

adding the code to test session values at the top of pages would take care of the person surfing outside site, but only when they came back to our site.  If the user never came back to our site, we could not force them to the login screen.

John
0
 
LVL 18

Expert Comment

by:bruno
ID: 6411742
John,

as you described how?  I fail to see how the redirect can be done when the session times out without the user clicking on something.

BRUNO
0
 
LVL 33

Expert Comment

by:hongjun
ID: 6412094
>> without the user clicking on something.
Exactly you need to click on something like the refresh button.

hongjun
0
 
LVL 2

Expert Comment

by:ZhongYu
ID: 6412175
Hi guys,


What you are talking about (redirecting the user to another page AFTER he has left the site) is impossible.

HTTP communication must begins by client initiation a request, and server response back. When the browser leasve the site, it will not request to the site anymore. The server cannot initiate a request.  


You might try some dirty method by opening a new hidden window with the script that load the login page to its opener.
0
 
LVL 7

Expert Comment

by:John844
ID: 6414705
bruno,
<<as you described how?  I fail to see how the redirect can be done when the session times out without
the user clicking on something.>>
meta refresh will redirect the user to the url specified after a period of time specified.  The time can be specified to equal the session time out.  If user watches page for 20 minutes, it will redirect them to the login page.
0
 
LVL 18

Expert Comment

by:bruno
ID: 6414946
john,

I understand that, and if you read my earlier comments, I agreed I liked the META refresh, (((The META tag refresh at 20 minutes would be a viable sounding
alternative if the user just leaves the page open for 20 minutes.))) but the META refresh doesn't have a THING to do with the session timing out.  

There is NO WAY to accomplish what this user wants to do.


BRUNO
0
 
LVL 18

Expert Comment

by:bruno
ID: 6414948
chopper,

have any of these comments helped you at all?

BRUNO
0
 

Author Comment

by:chopper99
ID: 6415316
Bruno-
Your comments have been pretty much useless.  Instead of being whiny and retarded saying "you can't do it" maybe propose an alternate solution that kinda works.  Like John did.

Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0

If (Session("Authenticated") <> Session.SessionID) Then
     Session("RequestedURL") = "http://" & _
         Request.ServerVariables("SERVER_NAME") & _
          Request.ServerVariables("SCRIPT_NAME")

     Temp = Request.ServerVariables("QUERY_STRING")
     If (Not(ISNull(Temp)) AND Temp <> "") Then
          Session("RequestedURL") = Session("RequestedURL") & _
              "?" & Temp
     End If
     Response.Redirect("/login.asp")
End If

seems to work pretty well.  Got that off 4guysfromrolla.  Thanks a ton to everyone who was helpful.  You were all helpful.  Except BRUNO who was all in all pretty useless.

Thanks again, I think that's pretty much it.  One thing I was surprised at was the lack of javascript.  Anyways...

Ted
0
 
LVL 18

Expert Comment

by:bruno
ID: 6415343
Ted,

Keep up the mature attitude and you'll get tons of help from this site.

You asked a question, I responded with an answer.  A CORRECT answer for your question, I might add.  

If you were paying any attention, I stated that I LIKED John's alternative but wanted to point out that it wouldn't do exactly as you wanted it to.

I hope you either lose the attitude or get off the site, we don't need user's such as yourself around here.

BRUNO
0
 

Author Comment

by:chopper99
ID: 6415497
Thanks for pretending to be my dad, bruno.  Feel free to bite my nuts.  I think I'll leave because you told me to.  Oh wait, no.  Feel free to never read another question of mine around here.

Ted
0
 

Expert Comment

by:ComTech
ID: 6417653
Okay people, that is quite enough.  I have already raised my children, and if they EVER made comments such as I have seen here, I would have sent them to their rooms.

This is a Professional site, bad, rude, and inflamitory remarks will not be tolerated here.  Not by the User or the Experts.  If you wish to still be here, I  suggest you clean up your acts.

Each and everyone of you SHOULD have read the rules and regulations when you signed up, both User and Experts.

all non Topic related comments will be removed after Admin sees this.

ComTech
Community Support
0
 

Expert Comment

by:ComTech
ID: 6417907
chopper99, if your intention is to continue here at E-E, it is of my opinion you aploigize to brunobear, as he did nothing but try to help.

Admin has been notified of this siutation.

ComTech
Community Support
Moderator
0
 

Expert Comment

by:ComTech
ID: 6418876
Goodbye  :-)

ComTech
0
 

Expert Comment

by:ComTech
ID: 6418955
This question has been edited by ComTech, non relitive remarks were removed as was foul language.  And I altered chopper99's last remark.

Thanks all,
ComTech
Community Support
Moderator
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now