Solved

Session Timeout - What constitutes Activity

Posted on 2006-12-01
9
435 Views
Last Modified: 2008-01-09
I have a web a web page which has two panels and a button to switch between them and a submit button on panel B

so the user enters data in the several text boxes on panel A then hits the Next button which hides panel A and shows Panel B,

it may take the user over 15 minutes to enter the data however the session timeout is set at 15 minutes, ive had reports from people saying by the time they finish entering data into both panels and hit the submit button they are being redirected to the login page


question
does typing into a text field constitute activity
does clicking on the [next] button which switches between panels constitute activity

or

does activity only occurs if a request is sent back to the server?

thanks
stephen
0
Comment
Question by:enterpriseireland
9 Comments
 
LVL 7

Accepted Solution

by:
Dimandja earned 250 total points
ID: 18055564
The session timeout has nothing to do with typing or anything else.  Session timeout occurs after the timeout has been reached regardless of any pending activities.

Session timeouts are renewed once the server has been hit.  This means simply typing into a datafield is meaningless: you must submit the typed data to renew a session time limit.

Some reading material on the subject:
http://www.extremeexperts.com/Net/Articles/RedirectingPageAfterSessionTimeout.aspx
http://aspalliance.com/520
http://www.codeproject.com/aspnet/Reconnect.asp
0
 
LVL 7

Expert Comment

by:jj819430
ID: 18055625
Dimandja is absolutely right.

You can use a javascript though to maintain your position.

Simple way:

Create a webform called SessionRenew.aspx

on the website do a function that runs every 5 minutes or so and uses the AJAX command (IE = GetXmlHttpObject)
and do a post to the sessionRenew page. That will renew the sessiontimeout.
0
 
LVL 44

Expert Comment

by:Arthur_Wood
ID: 18056155
Why have you set the Session timeout to 15 minutes, if it takes at least that long for users to enter the values required on the Web page, before they can submit it.  I would suggest that you should increase the Session Timeout to something closer to 30 minutes.

The purpose of the Session Timeout is to ensure that the session closes down if the user does NOT close it themselves, and simply walks away from the terminal.  

AW
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:enterpriseireland
ID: 18064243
we had a  security consultancy firms had a look at a system we were building and due to the nature of the data being supplied stated our session timeout should be 15, i would like to push it out to 30 minutes but we are not allowed, i was thinking about using ajax however the site were building has to be AA accessibility compliant, thus we cant use javascript
0
 
LVL 44

Expert Comment

by:Arthur_Wood
ID: 18065725
weell the, with a 15 minute session timeout, and the users statement that it takes then more than 15 minute to enter data on the page (which sounds very strangfe to me--what is requiring so much time to enter data on a single page?) then you would appear to have a serious problem.  YOu may want to consider breaking the data entry up into two stages, so that half of the datacan be entered, saved, and then the other hals of the data entered.  That should allow users to make a response to he Server before the 15 minute Seeion timeout has expired.

AW
0
 
LVL 7

Expert Comment

by:Dimandja
ID: 18069348
There are some ways of handling your timeout problem.

1. When you detect user activity (i.e. Keyboard events), you can make a quick trip to the server to renew the session.  
See an example here: http://www.codeproject.com/aspnet/Reconnect.asp

2. You can detect an impending session timeout, and alert the user.  The user can then allow the session to end (i.e. no response within a couple o minutes, etc...), or the user can let the application know that they are still laboring on inputting data (at which point you renew the session).
See an example here: http://www.thescripts.com/forum/thread224158.html

NOTE: All the examples I gave were not tested by me, and they are posted here as illustrations only.  You can find better/other code to accomplish the same functionnality.
0
 
LVL 7

Expert Comment

by:Dimandja
ID: 18272542
This question was fully answered.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
XAML: Layout 8 25
WKHTMLTOPDF - --disable-smart-shrinking not working 10 36
Resolve Dependency Issues 4 45
C#.NET and microsoft certification. 3 32
Summary: Persistence is the capability of an application to store the state of objects and recover it when necessary. This article compares the two common types of serialization in aspects of data access, readability, and runtime cost. A ready-to…
This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now