Explicitly renewing a session

[Algernon83]

I'd like to display a window prompting the user to stay logged into my site when the session is close to expiring. But how can I tell ASP to renew the session? I don't need to add data to or remove it from the session object, so I'm not sure what I need to do.

 

[rac2]

One way to keep the session alive is to refresh the page with a <META> tag.

<meta http-equiv="Refresh" content="900; URL=refreshURL">

I suppose you could refresh to a renewal page or to a login page a few minutes before the session expires.

 

[Algernon83]

I'm afraid that solution won't do; the page in question has a form on it and any data entered would be lost in the event of a refresh.

Allow me to clarify my question: If I use a JavaScript setTimeout call to make a new window appear shortly before the session times out, and this window displays a link to have the user remain logged in, what ASP code will have to be executed when that link is clicked? Or will viewing any ASP file re-start the session timeout?

 

[Sheco]

Does it even need to be a request for an ASP or will any request keep the server from timing out? When you get down to it, the question is: "Does the browser send the session cookie along with EVERY request or only requests for Active Server Pages?"

In either case, creating the request is a client-side issue rather than an Active Server Pages pages problem since the session wont be discared by the server until 20 minutes after the last client request. (Unless you change the default timeout.)

The JavaScript forum (forum216) is the best place to address client-side issues so you might try over there.

PS: If the browser sends the session cookie with every request then perhaps you could create an instance of the xmlhttp object in client-side script and use it to make a request for a simple dummy page. The purpose of the request wouldn't be to actually USE anything from the dummy page, the purpose would be to reset the timeout counter on the server.

 

[Algernon83]

Does the browser send the session cookie along with EVERY request or only requests for Active Server Pages?" is a valid way to rephrase the question, assuming that the server resets the session timeout whenever it receives the cookie, but neither of these issues has been resolved. You are correct that creating the request is a client-side issue, but I've already done that part.

 

[rac2]

Yes, simply refreshing would lose the form data.

Your idea about opening a new window with a warning sounds promising. Say the new window has a form that is submitted when the viewer clicks on a button that says "Yikes, dont log me out!" I think there is a good chance that will keep the session alive.

The request generated by the form in the KeepAlive window need not do much. It could submit to itself, which will cause the server to restart the session timer, (maybe that is setting a new session cookie).

When the keep_alive.asp script processes the request it can build a self-closing HTML page that has nothing but a script.

<html>
<head>
<title>Keep Session Active</title>
<SCRIPT LANGUAGE="JavaScript"><!--
	window.self.close();
//-->
</SCRIPT>
</head>
<body>
</body>
</html>