I have a hosted Silverlight 4 application. My task is to notify a Silverlight user when his ASP.NET session is about to expire with a simple dialog box, saying something like "Your session is about to expire, would you like to reset the session?" with two buttons [Yes], and [No]. When the user clicks [Yes] I would like to update the ASP.NET session, otherwise I would just let it expire. What is the best methodology to use here?
I've taken a look at different forums, and most people just simply poll the server every-so-often from the page hosting the Silverlight application. This wouldn't do for me. I thought of creating a singleton DispatcherTimer that would start on Silverlight application startup, would fetch Session.Timeout value from the server using WCF and would run for (Session.Timeout - some delta) minutes. When the timer expires it would pop the notification window. Moreover, since this notification window should only pop after a period of inactivity, I'd like to reset this timer every time a WCF call is performed (which essentially defines activity). Is this sound? Are there any better methods? What are your thoughts?
P.S. I'm also planning on doing something similar for Forms timeout.
You may or may not be opposed to this, but I've found it useful in RIAs to have a timer running that makes a keep-alive request to the ASP.NET server in order to prevent the session from expiring while the application is active. At the same time, in case something happened on the server that caused the session to expire, you could detect that condition in the keepalive handling and tell the client that the expiration has taken place.
Related
First of all, let me ask this:
Let's say that a web application has its timeout set to 10 minutes. For some reason, the user is idle. If he/she returns and press any key or moves the mouse, it resets the timeout? Or it is based on the last time it went to the server?
And now the second question: is there a way to find the time until the user gets logged off due to innactivity?
From MSDN:
The Timeout property specifies the time-out period assigned to the
Session object for the application, in minutes. If the user does not
refresh or request a page within the time-out period, the session
ends.
So in answer to your question, the timeout is reset if the user sends a request to the server by either navigating to another page or refreshing the current page (or possibly by using some form of AJAX keep-alive method (See this question)).
This article on Code Project provides a pretty good overview of Sessions within ASP.net
For your second question, this gets a little complex as the session timeouts are managed by IIS so your page has no idea how much longer the session will be valid for. I have seen examples where another timer is placed with in the page itself and when this reaches a certain low value the user is warned that their session is about to expire. The page could then refresh (resetting the session timeout value in IIS) and the user wouldn't be logged out / lose their session.
However, this will require the session timeout value that is configured is kept in sync with the value configured in the JavaScript function.
i run a background thread in Application_Start() in global.asax
to use it like windows service
but applicaton_end fire when all session is ended in my website
i have a sms Business that work with webservice and i want to have agent in my server that
check incoming message like windows service
i increase session timeout to 10 hours but when i close browser application end fired and
my thread stop working
i cant change server properties
can i disable application_end to thread keep working?
I apologize to you because of poor english writing
You should make a separate program that runs as a service or a batch program to do that. Although ASP.NET persists static variables and such between page loads, you shouldn't be using it to run things in the background. There is no guarantee that things will keep running.
If you need something to happen on the user's end when something happens on the server (like a message received (like on facebook), someone responds to a request, or some other event is raised) you need to implement a polling system in javascript on the webpage that the user sees which uses AJAX (look it up...its such an awesome concept) to periodically talk to the server to see if anything happened. That is how Facebook chat works along with most webmail systems to check for new messages. The server doesn't talk to the browser...the browser asks the server if anything happened.
Here is an example of a chat program that uses AJAX: http://www.dynamicajax.com/fr/JSON_AJAX_Web_Chat-.html
It isn't exactly what you are doing, but it demonstrates the concept of trying to check something after the page has been loaded and making the user's browser respond.
Nay be use a .NET version of quartz-scheduler library (http://quartz-scheduler.org/) for defining and triggering a job based on the configuration (cron expresion).
iis automatically close website application when no session is open in website
for disable this you can change idle time in iis or read website link in global.asax (application_end) function to start a new session
Are there any ways in ASP.net to fetch data from the server without extending the session timeout? This needs to be done every few minutes without user interaction until the page is closed.
Additional context, as requested:
The pages in my webapp needs to poll the server every few minutes to check for a particular condition (emergency maintenance scheduled for 30 minutes time, in this instance). When the condition is true, the page will display a message to the user. When the condition is false, nothing needs to happen.
As I understand it, postbacks to the server reset the time until the session expires. We do not want the session to be extended/refreshed/reset/whatever the word is every time the page polls the server. I need a way to poll the server automatically without resetting the session timeout.
Thanks.
If you're asking in the context of a lengthy HTTP request, so that you're looking to prevent an HTTP timeout, look at web.config's <httpRuntime executionTimeout="99999"></httpRuntime> where executionTimeout is in seconds I think, http://msdn.microsoft.com/en-us/library/e1f13641(v=vs.71).aspx.
If it is truly just a session timeout issue, is it possible to asynchronously ping the server under the same user session, while the lengthy process is running?
Edit:
Based on your edit, if you partition your "web site maintenance" web service into a service outside of the session state scope of the normal part of the site, then you can call it as often as you'd like. If you're using an ASMX web service in your current website at this time, for example, simply partition it into a separate application, perhaps as a directory off of your application, so that it falls under the same domain. I imagine that would work fine.
I'm not sure what web service type you're invoking at this time (ASMX, WCF, etc.), or even if the web service that you're invoking at this time is in the same application as your ASPX application pages.
First, if a query is running beyond the session time limit then there is a serious problem with the query. I would rather fix the query first.
However if you still want to do it using the session, try this:
You can have a Dummy.aspx in your app and then have a image element refresh its URL every 15 minutes like:
<img id="dummyImage" src="/Dummy.aspx" width=0 height=0/>
<script type="text/javascript">
var dummyImage = document.getElementById("dummyImage");
setInterval(function(){
dummyImage.src = "Dummy.aspx?_tmp=" + (Math.random() * 100000);
}, 900000);
</script>
This way you will not impact the session timeout at a global level.
Use a javascript timer which fires an AJAX call. So in your PageLoad event echo out a javascript setInterval(functiontocall(), timetowait); function. The method you call will be the AJAX hit to a web service which does your query.
This will keep calling itself until the user closes the page.
Sessions do not get refreshed from AJAX hits.
I have a problem of the session not expiring. Here is my case
I have a application in asp.net1.1. i am able to handle session when user click logout button. Session is active for 35 minutes. the application is also check if same user is trying to login using multiple machine and blocks it.
Now this application is deployed in city where there is power outage. When user is loggd in and light goes off, the session remain open. Due to this, the user is not able to log in again for next 35 minutes from alternate machine.
Can you tell solution of how to handle issue of session remained open the right way?
Did you write the code that if a session already exists, refuse another login? If so, you will probably have to change it. It is more common to kill the old session and start a new one if necessary. I prefer to allow multiple sessions for a single user unless there is some specific security requirement not too.
Lookup the SessionState timeout field in Web.config.
Best solution is to add UPS to the client workstations so they don't lose the connection if the power goes out. The only other option I can think of in this situation is to add something to the login code which, instead of blocking an alternate location login, instead forces the other session to be expired on a successful login.
We solved some similar issue this way:
in the body of the asp.net page, we attach on the onload event an ajax call. In this ajax call, the session timeout is set to 35 mins.
Also an ajax call is attached to the onunload, where we set the session timeout to 1 min.
This way the user has 35 min timeout when using the application, yet has 1 minute timeout when closing the application.
I am trying to use Channel Factory and caching it in my asp.net mvc.
I am using PerSession Instance mode as I need to know the state.
Because of this I cannot close the proxy immediately. And I dont want
to reopen ,close proxy everytime.
If I leave the proxy open it is timing out at the 12th time. I can
increase the concurrent session timeout but I want to know if it is
the right approach to go.
I am new to WCF so pardon If my question is stupid.
-Thanks in advance
Pratt
The answer maybe activating the slidingExpiration property in the forms authentication element, although by default this is turned on. With this, after each call the timer is reset to the timeout value so the session stays active whilst it's in use.
See this MSDN Link: Forms Authentication & slidingExpiration property
EDIT - response to comment:
Yes, when the session timeout is reached you will need to reauthenticate before being able to accesss the services again. You should set the timeout value to the length of inactivity (in minutes) that you would consider the user is no longer active (default 30 mins), then the sliding expiration will reset this value if the user keeps calling. I'd try doing some simple tests with the timeout set to 1 minute with different scenarios to prove it to yourself.