I want to reset the session timeout if the user is active with in the session timeout.
means:
Let an user is logged in to a system whose session time out is 10 min. if the user do some operation with that timeout then the session time out will start when the user is inactive.
if the user is again do so operation then the session time out will be rest.
how to do this one.
please help
Thanks
put follow configuration in your web.config
<sessionState timeout="10" />
MSDN says:
Optional TimeSpan attribute.
Specifies the number of minutes a session can be idle before it is abandoned. The timeout attribute cannot be set to a value that is greater than 525,600 minutes (1 year) for the in-process and state-server modes.
The session timeout configuration setting applies only to ASP.NET pages. Changing the session timeout value does not affect the session time-out for ASP pages. Similarly, changing the session time-out for ASP pages does not affect the session time-out for ASP.NET pages.
The default is 20 minutes.
reference:http://msdn.microsoft.com/en-us/library/h6bb9cz9%28v=vs.100%29.aspx
The Server will Automatically reset the Session Time Out , once the user becomes active.
There is not explicit code required to accomplish this..just setting the Session time out would be good enough..
Updated:
Then you should be worth looking at this:
How to stop session timeout after 20minutes in asp.net?
Hope this helps..
Related
First of all, let me ask this:
Let's say that a web application has its timeout set to 10 minutes. For some reason, the user is idle. If he/she returns and press any key or moves the mouse, it resets the timeout? Or it is based on the last time it went to the server?
And now the second question: is there a way to find the time until the user gets logged off due to innactivity?
From MSDN:
The Timeout property specifies the time-out period assigned to the
Session object for the application, in minutes. If the user does not
refresh or request a page within the time-out period, the session
ends.
So in answer to your question, the timeout is reset if the user sends a request to the server by either navigating to another page or refreshing the current page (or possibly by using some form of AJAX keep-alive method (See this question)).
This article on Code Project provides a pretty good overview of Sessions within ASP.net
For your second question, this gets a little complex as the session timeouts are managed by IIS so your page has no idea how much longer the session will be valid for. I have seen examples where another timer is placed with in the page itself and when this reaches a certain low value the user is warned that their session is about to expire. The page could then refresh (resetting the session timeout value in IIS) and the user wouldn't be logged out / lose their session.
However, this will require the session timeout value that is configured is kept in sync with the value configured in the JavaScript function.
I have set session time out to 9 hours in web.config file something like this:
“<sessionState mode="InProc" timeout="540" />
But often users complain that they are facing time out in less than 9 hours of inactivity and the time interval after they are timed out also varies.
I was wondering if session time out is dependent on any of the below settings in IIS:
Session time setting
Idle- time out setting for Application pool
Recycling setting.
Please advise.
Also, how do I check session time out setting in IIS 7.0?
The session will be lost when the ApplicationPool recycles. That's one of the IIS settings that you mentioned. To set only the timeout in the web.config will not be enough. You need to adjust the setting in IIS.
Here is a link I found while I was looking into the same problem.
Also, this question was very useful: Losing Session State
If you are using Forms authentication you should make sure your FormAuthentication Cookie is set to expire at the same time as your Session.
If not make sure your IIS is not getting recycled. ( put a logger in your Global.asax to verify the application end events compared to your users complaints.)
It is not enough to set session time out in your web config. If the server on which your site is hosted is having less time out value set in IIS setting, your session is time out according to the server session time out value.
also if you are deleting any folder from the server directory, this can also cause your AppPool to recycle unexpectedly.
so please check the server session time out value and if it less then ask your hosting to increase it as per your requirement.
Is the session state timeout setting in the web.config the same as IIS 7 idle timeout setting? If not, which one takes priority? I would like to increase users sessions to a couple of hours.
Make sure your AppPool's idle timeout is GREATER than your session timeout.
Once your AppPool times out, all session data is lost.
Idle timeout is for the application pool as a whole. It kicks in if all the applications linked to the pool have had no activity within the set time.
Session state is per session. This is specifically for a single user session. You can have many sessions occurring at any single time.
Already someone has raised this question in this forum regarding session timeout. Would appreciate if someone can clarify this again.
I have an asp.net 2.0 application which times out after say 15-20 minutes if user didnt do any activity and presses a button on the page(he is redirected to sessionExpired.aspx page). I have set the session timeout to 60 minutes in my web.config file but still somehow the user is timed out.
I have another question related to this regarding the Session Timeout Precedence. Does IIS session timeout take priority over ASP.NET session timeout. Say if IIS session timeout is set to 20 minutes and ASP.NET session timeout is 60 minutes, does ASP.NET override IIS session timeout.
IIS takes precedence, but they deal with slightly different scenarios.
In the case of IIS, the default 20 minutes time-out for the application pool is referring to incoming requests. If your application doesn't receive any requests at all for 20 minutes then the application pool is put to sleep to save resources. When this happens all the sessions in your application are gone.
The ASP.NET session time-out deals with per-session requests. Your site could be quite busy, but if one user (i.e. session) is not active for 20 minutes only that session is discarded.
So yes, to make sure the session stays alive for 60 minutes you have to change the time-out settings for the IIS application pool as well as web.config.
Another way of approaching this problem is to periodically send a small AJAX "ping" (i.e. a page request with a random ID to prevent browser caching) back to the server. This way, as long as the user doesn't close the browser, the session will be preserved.
The application sets session.timeout in Application_AcquireRequestState event handler.
Before session expires, there is notification window popping up. It resets session timeout to, say, 3 minutes (normally, it is 30 minutes), through Application_AcquireRequestState.
The notification offers user an option to extend session for another 30 minutes. If user clicks yes, it will reset session timeout for 30 minutes through the previous event handler.
The problem is, though user clicks yes, and session timeout is set correctly, session seems timeout before the set time. This only happens after notification.
The suspicion is when it hits Application_AcquireRequestState, the timeout is already calculated for this request. The new timeout value will be used for next request. So when user clicks yes to extend session, the timeout for current request is not 30 minutes away, it is only 3 minutes away, due to timeout set by the notification window. The yes will only be in effect if user sends another request.
(Notification window has its own timing object)
Can anyone verify this? or point me to a good resource to explain how asp.net manages this?
Thanks!
Session.Timeout is a global setting within the application.
If you're setting the users Timeout to 3 minutes when you pop the window notifying the user that they are about to be logged out, and they don't respond, your Session.Timeout will stay at three minutes until another user resets it - is it possible that this is happening?
Zhaph, the problem is when user clicked "Yes" to extend the session, then walk away.
I think I finally nailed down the problem.
It was as I suspected, but only in "SQLServer" mode. When request comes into Application_AcquireRequestState, the session is already extended (can be verified in ASPState database, ASPStateTempSessions table). If user clicked "Yes", though the new time out value is set, it won't be in effect until next server request. If user walked away without another click, session timed out with the previously set timeout value, which is 3 minutes.
In "InProc" or "StateServer" mode, the session objects are managed by cache, whose expiration can be reset only further in the future but not shrink back to more current time (or it will be ignored).
I use a much simpler mechanism. I don't have the popup extend the session at all. I use a session with a sliding window and when the user clicks the "OK" button in the session expiration notification, it makes an AJAX request back to the server updating the sliding window.