In some web applications that show sensitive data, such as online banking, we want to “time out” the user’s session after a certain amount to time. For instance, we might want to log out the user automatically and redirect the user to the home page.
This is an important security feature, but at the same time, the user might not like it if she is logged out automatically right in the middle of reading something on the page. So it would be a good idea to display a message before actually timing out and maybe give the user a chance to do something about it.
Create a new ASP.NET Web Application in Visual Studio.
Add a ScriptManager control to the Default.aspx page or to the master page.
<asp:scriptmanager id="ScriptManager1" runat="server" />
If you add the ScriptManager control to the master page, you will need to add a ScriptManagerProxy control to the Default.aspx page.
As I mentioned on another post, ScriptManager takes care of loading the necessary ASP.NET AJAX components to enable partial postback and other AJAX operations.
In this code, we set two timers in the pageLoad() function. One timer will display a warning and the second one will actually time out the session. For the purpose of this test, we’ll just refresh the page, but in a real scenario, we would probably redirect the user to the logout page.
We get the minutes for each timer from the web.config with the ConfigurationManager class.
You will need to add these app setting to the web.config. For this sample, I’ll use just 1 and 2 minutes for each timer.
<appSettings> <add key="SessionTimeout" value ="2"/> <add key="SessionTimeoutWarning" value ="1"/> </appSettings>
That’s it, go ahead and run the app and wait…
Please leave your comments if you have any issue or if you there’s anything that can be improved.