Page Timeout in ASP.NET ~ Tutorial & Code Samples February 21, 2009
   
Objective
To redirect the user to a friendly html page upon experiencing an idle page timeout in ASP.NET applications. 

The redirect will be triggered upon any user interaction which causes a Postback after a predetermined amount of idle time has occurred.  This does NOT happen automatically after idle timeout period has expired.  A postback of some kind is required.  The scenario is that a user was away from their computer for a period of time (gone for lunch), returned to their computer, began to use it again and triggered the redirect to the friendly warning page.
 
Background
If you allow the default timeout behavior of an asp.net page to go unaddressed, it will result in an ugly idle timeout error if the user has left the program idle for at least 20 minutes.  This is also known as a Session Timeout, as the session ID which is automatically assigned to the connection will expire.  The session ID is formally referred to as the "ASP.NET_SESSIONID".  Another significant component involved in determining the timeout is the Cookie Header which can be checked by using the command: Request.Headers("Cookie"). 

For a very complex explanation of the behavior of these components and their relationship to an idle timeout, you can read this article.  Nevertheless a simple explanation of the existence of an idle timeout is to check for all of the following to be true:
  1) Context.Session is not null
2) Session.IsNewSession is true
3) Request.Headers("Cookie") is not null
4) ASP.NET_SESSIONID cookie is present
Overview
1) We will modify the web.config file in order to override the idle timeout length (in minutes).
2) We will create a global.asax file to test for the existence of a timeout and then redirect the user to a friendly html page warning.
3) We will make a minor adjustment within IIS in order to allow the global.asax code to function properly.
4) We will create a friendly html warning page called mytimeout.htm for the user to see.
5) Note: absolutely no modifications need to be made to any of your existing aspx pages.
 
Assumptions
1) I am using ASP.NET 2.0; VBscript; IE7; Windows 2003 Server; IIS 6.
2) All of my files (aspx, web.config, global.asax, mytimeout.htm) are sitting together in a single folder which itself is sitting in the WWWROOT folder on the server.
 
Procedures
Step #1 - Web.config file
Add the following code within the <system.web> tags:
Note the timeout is equal to 1 minute.  This is good for testing purposes, but should be changed later to suit your preference.  Very long timeout periods are memory intensive at the server end.  Setting the timeout as we are doing here, effectively overrides any Session timeout settings that exist within IIS.  This means you are now eliminating the default 20 minute timeout time period.
Tip: If you have not yet created a web.config file, then simply create a new text file and rename the file to web.config.  To get you started you can copy/past the complete code found below...
For the sake of continuity I am sharing my entire web.config file here:
 
Step #2 - global.asax file
Add the following code within Sub Session_Start():
Note that we have added the code within Session_Start.  This may seem counter intuitive as you might ask "Why aren't we adding this code to Session_End?"  With many articles on the web as well as my own personal experience, the Session_End event is unpredictable and unreliable.  And thus we are left with using Session_Start.  And thus we require a postback by the user after the idle timeout period in order for our redirect to occur.
Tip: If you have not yet created a global.asax file, then simply create a new text file and rename the file to global.asax.  To get you started you can copy/past the complete code found below...
For the sake of continuity I am sharing my entire global.asax file here:
 
Step #3 - IIS - Internet Information Services Manager
If we do not adjust a setting in IIS v6.0 then if you try to access your website at this point you will get an error similar to:
 
... allowDefinition='MachineToApplication' beyond application level ...
In order to resolve this we need to have IIS treat your web folder as an independent Application.  To do this, open IIS and navigate to Web Sites.  Find the folder containing your website.  In my case it is a folder called VAC.  I right-click on my VAC folder, and choose Properties.  In the Directory tab find Application Name and click the Create button.  Then click the OK button, and close IIS.
 
Step #4 - mytimeout.htm - friendly warning page
Create a new html file called mytimeout.htm and write a nice message saying something like "You have left the system idle for too long.  You must login again to continue".  You can then supply a hyperlink which would bring the user back to the login page.
Tip: If you are using Integrated Windows Authentication (ie. if a dialog box pops up requesting login information), then if you provide a link for the user to go back to your index.aspx file, the user will not need to enter their login account info again.  Instead the Session will automatically reset itself and the user will be able to immediately start using your system again starting with your index.aspx page.
 
Step #5 - Enjoy!
I hope this tutorial has been helpful, clear, and concise.  Feel free to send me feedback at the email address shown at the very top of this page.  Happy coding!
 
 

 Articles
   
click to read . . .
 

 Services
   
Project Management
Full SDLC Management,
Vendor Management,
Resource Management,
Timeline Management,
Risk Management
 
Business Analysis
Requirements Gathering, Systems Analysis, Design, Testing, Implementation, Documentation
 
Application Development
Paperless Information Systems,
Point of Sale Systems,
Gift Card Systems,
Human Resource Systems,
Medical Patient Tracking,
Digital Medical Patient Charts,
Online Shopping Carts,
Smartphone Apps (Palm Pre)
 
Systems Administration
Computer Network Installation,
Server Maintenance & Backup, Database Management,
Computer Maintenance & Repair
 
Graphic Design
Websites, Logos, Brochures, Magazine Ads, Business Cards