Page Timeout in ASP.NET ~ Tutorial & Code Samples
February 21, 2009

Objective

To redirect the user to a friendly html page upon experiencing an idle page timeout in ASP.NET applications. The redirect will be triggered by any user interaction which causes a Postback after a predetermined amount of idle time has occurred. This does NOT happen automatically after the idle timeout period has expired. A postback of some kind is required. The scenario is that a user was away from their computer for a period of time (gone for lunch), returned to their computer, began to use it again and triggered the redirect to the friendly warning page.

Background

If you allow the default timeout behavior of an ASP.NET page to go unaddressed, the user will see an ugly idle timeout error after leaving the program idle for at least 20 minutes. This is also known as a Session Timeout, because the session ID that is automatically assigned to the connection expires. The session ID is formally referred to as the "ASP.NET_SESSIONID". Another significant component involved in determining the timeout is the Cookie header, which can be checked by using the command: Request.Headers("Cookie"). For a very complex explanation of the behavior of these components and their relationship to an idle timeout, you can read this article. Nevertheless, a simple way to detect that an idle timeout has occurred is to check that all of the following are true:

1) Context.Session is not null
2) Session.IsNewSession is true
3) Request.Headers("Cookie") is not null
4) ASP.NET_SESSIONID cookie is present

Overview

1) We will modify the web.config file in order to override the idle timeout length (in minutes).
2) We will create a global.asax file to test for the existence of a timeout and then redirect the user to a friendly html page warning.
3) We will make a minor adjustment within IIS in order to allow the global.asax code to function properly.
4) We will create a friendly html warning page called mytimeout.htm for the user to see.
5) Note: absolutely no modifications need to be made to any of your existing aspx pages.

Assumptions

1) I am using ASP.NET with VBscript. I am also using IE7.
2) All of my files (aspx, web.config, global.asax, mytimeout.htm) are sitting together in a single folder which itself is sitting in the WWWROOT folder on the server.

Procedures

Step #1 - Web.config file

Add the following code within the <system.web> tags:

Note the timeout is equal to 1 minute. This is good for testing purposes, but should be changed later to suit your preference. Very long timeout periods are memory intensive at the server end. Setting the timeout as we are doing here effectively overrides any Session timeout settings that exist within IIS. This means you are now eliminating the default 20-minute timeout period.

Tip: If you have not yet created a web.config file, then simply create a new text file and rename the file to web.config. To get you started you can copy/paste the complete code found below...

For the sake of continuity I am sharing my entire web.config file here:

Step #2 - global.asax file

Add the following code within Sub Session_Start():

Note that we have added the code within Session_Start. This may seem counterintuitive, as you might ask "Why aren't we adding this code to Session_End?" According to many articles on the web, as well as my own personal experience, the Session_End event is unpredictable and unreliable. We are therefore left with using Session_Start, and so we require a postback by the user after the idle timeout period in order for our redirect to occur.

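The following Session_Start handler is an added example, not the author's original listing. It applies the four checks listed under Background and redirects to mytimeout.htm. It assumes an inline-script global.asax written in VB, a web.config that sets sessionState timeout="1" inside <system.web>, cookie-based sessions, and the default session cookie name.

```vbnet
<%@ Application Language="VB" %>
<script runat="server">
    ' Added example. Assumes web.config sets <sessionState timeout="1" /> inside
    ' <system.web> (Step #1) and that sessions are cookie-based (the default).

    ' Default name of the ASP.NET session cookie. A custom cookieName in
    ' <sessionState> would have to be mirrored here.
    Private Const SessionCookieName As String = "ASP.NET_SessionId"

    Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
        ' 1) A session object exists for this request.
        If Context.Session Is Nothing Then Return

        ' 2) The session was created by this very request.
        If Not Session.IsNewSession Then Return

        ' 3) The browser sent a Cookie header at all. A first-time visitor
        '    sends none, so a genuinely new visit is not treated as a timeout.
        Dim cookieHeader As String = Request.Headers("Cookie")
        If cookieHeader Is Nothing Then Return

        ' 4) The header still carries a session cookie. A brand-new session
        '    combined with an old session cookie means the previous session
        '    expired, so send the user to the friendly warning page.
        If cookieHeader.IndexOf(SessionCookieName, StringComparison.OrdinalIgnoreCase) >= 0 Then
            Response.Redirect("mytimeout.htm")
        End If
    End Sub
</script>
```

The check relies on a header supplied by the client, so the redirect is a usability signal only: any request that carries a stale session cookie lands on mytimeout.htm. Access control still has to be enforced by the application's own login mechanism.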

Tip: If you have not yet created a global.asax file, then simply create a new text file and rename the file to global.asax. To get you started you can copy/paste the complete code found below...

For the sake of continuity I am sharing my entire global.asax file here:

Step #3 - IIS - Internet Information Services Manager

Unless we adjust a setting in IIS, trying to access your website at this point will produce an error similar to:

... allowDefinition='MachineToApplication' beyond application level ...

In order to resolve this we need to have IIS treat your web folder as an independent Application. To do this, open IIS and navigate to Web Sites. Find the folder containing your website. In my case it is a folder called VAC. I right-click on my VAC folder, and choose Properties. In the Directory tab find Application Name and click the Create button. Then click the OK button, and close IIS.

Step #4 - mytimeout.htm - friendly warning page

Create a new html file called mytimeout.htm and write a nice message saying something like "You have left the system idle for too long. You must login again to continue". You can then supply a hyperlink which would bring the user back to the login page.

Tip: If you are using Integrated Windows Authentication (i.e. if a dialog box pops up requesting login information), then if you provide a link for the user to go back to your index.aspx file, the user will not need to enter their login account info again. Instead the Session will automatically reset itself and the user will be able to immediately start using your system again starting with your index.aspx page.

Step #5 - Enjoy!

I hope this tutorial has been helpful, clear, and concise. Feel free to send me feedback at the email address shown at the very top of this page. Happy coding!