Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Redirecting when Session Times Out 2

Status
Not open for further replies.
Scanlan

Scanlan

Technical User
Sep 7, 2001
35
US
Hi all,

I have an ASP project that various types of users are going to use. These users will have different timeout values associated with them. When the timeout value is reached, I want to redirect the user to the login page.

I did a little looking around on this site and some experimenting. Making a Session_OnEnd in the Global.asa file does not work. It causes a run-time error on my server.

I found a suggestion for adding a meta tag to the head of the page. This isn't going to work for me because I don't have one standard timeout value, my different users have different timeout values.

Someone suggested there might be a way to do it with JavaScript. Can someone point me in the right direction with the JavaScript solution or give me another idea that might work? I am a bit stumped on this one.

Thanks,
Ann

 
Sort by date Sort by votes
the session_onend does not have access to the response object. I *believe* that it can only access the Session, Application, and maybe Server objects.

Anyways - you would need to use Javascript to do what you need to do. Here's a quick example..

function redirectMe(currTime){
if (currTime != <%=Session(&quot;timelength&quot;)%>) {
currTime++;
setTimeout('redirectMe(' + currTime +')',1000); //this should run every second
} else location.href = &quot;somepage.asp&quot;;
}

redirectMe(1);

you might want to check my syntax, since the setTimeout method param might be wrong, and my location.href property might be wrong. You can see at I would do it, but I'm on a slow dialup right now downloading stuff :(.

Anyways - assuming that my JS is right, this should do the trick for you. If you need anything else, post back.

hth
leo
 
Upvote 0 Downvote
Thanks, I think this solved half my problem. It does redirect to the page I need (yay!), however, it does it in terms of seconds, not in terms of minutes, which is what I need.

The timeout value for my test user's session is 5 minutes. The code bumped me back to the login page after only 5 seconds.

How can I make this work for minutes instead of seconds?

Thank you so much.
Ann
 
Upvote 0 Downvote
convert the minutes to seconds... that's the only way you can do it.

5 minutes =

5*60 = 300 seconds.

do the calculation in the javascript:

ie:
function redirectMe(currTime){
//now it compensates for minutes...
if (currTime != <%=Session(&quot;timelength&quot;)%> * 60) {
currTime++;
setTimeout('redirectMe(' + currTime +')',1000); //this should run every second
} else location.href = &quot;somepage.asp&quot;;
}

redirectMe(1);

again - this assumes that my JS is syntatically (sp?) correct.

hth ---------
Leo Mendoza
lmendoza@students.depaul.edu
 
Upvote 0 Downvote
That works perfectly, except for one tiny thing logically.

Maybe I'm doing something wrong. I used this line to do the check:
if (currTime != <%=Session.timeout%> * 60)

When that page meets the Session timout value for the site, then it kicks back to the login page. That's good, except the time counter can't determine how long you've spent on other pages.

So if my timeout value is 5 minutes, and I spent 4 minutes on another page and then go to the page with the timeout code, it kicks me out after 5 minutes on that page.

Granted, if I try to do anything on the ASP pages, the app will tell me to login again, but I really want to kick the users out of the app pages when the timeout value is reached.

Any suggestions?

Thanks,
Ann
 
Upvote 0 Downvote
Scanlan,

Just create a one time session variable when the user logs in. When the session times out, that variable will return an empty result.

On the ASP page that authenticates the user, create a session variable like this.

<%
Session(&quot;loggedin&quot;) = &quot;YES&quot;
%>

Then, near the top of all the rest of your application pages, put this code in.

<%
IF Session(&quot;loggedin&quot;) <> &quot;YES&quot; THEN
Response.Redirect &quot;loginpage.asp&quot;
END IF
%>

Remember, ASP resets the session timeout to the original value each time an ASP page is accessed so a user could wait 4 min 59 seconds between requests and still keep the session alive.

Hope this helps.

TW
 
Upvote 0 Downvote
Todd suggested the best, and possibly easiest way to check.

The way that you would like to do it (I assume, say a user gets 5 minutes to cruise through the a section of your site), involves some Javascripting and some Session variables.

The problem with this, is that if anyone really wanted to, they can spoof the Javascript values, and reset the 'session clock' whenever they'd like. I mean, since it is just javascript, you would either have to tack it unto the end of the URL, or throw it into a hidden form value. If your user could figure out what was going on, then they could change their URL however they see fit. I'll admit you can make it more secure by implementing an HTTP_REFERER check, if you go the route of the form values, but I've heard that you can spoof those too.

Anyhow, what I would do is create a second session variable, say Session(&quot;logtime&quot;), along with my orig Session(&quot;timeout&quot;). Then I would keep a running tally of how long a user has been on a particular page, using Javascript and adding it to the logtime. Then, I modify the J function a little bit to start at the already logged time.

using my above ex:

var gLoggedTime = 0;

function redirectMe(currTime){
//now it compensates for minutes...
if (currTime != <%=Session(&quot;timelength&quot;)%> * 60) {
gLoggedTime = ++currTime; //the value you pass from pg to pg
setTimeout('redirectMe(' + currTime +')',1000); //this should run every second
} else location.href = &quot;somepage.asp&quot;;
}

redirectMe(<%=Session(&quot;loggedtime&quot;)%>);

hope this makes some sense to you... this method takes a little bit more redesign, and you will probably need to alter every page in your timed section...

at any rate
hth
hth
leo

------------
Leo Mendoza
lmendoza@students.depaul.edu
 
Upvote 0 Downvote
Dear Ann,

Another way of doing this would be to store two session variables when the user logs in. One holds the amount of time that particular user is allowed, and the other holds the time of login. Leo's JavaScript could then be modified to add the two session variables. If the result is more than the current time (i.e. the user has had longer than they are allowed) it redirects. This solution should work for all users and take into account how long they are each allowed.

Simon
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leifoet
  • Locked
  • Question
How to link a condition to a session(&quot;UID&quot;) ?
Replies
14
Views
481
leifoet
leifoet
Shedders101
  • Locked
  • Question
Pulling in spreadsheet content when it contains emojis
Replies
1
Views
207
Shedders101
Shedders101
DIDwebs
  • Locked
  • Question
Remaining time before the session timeout expires IIS
Replies
1
Views
195
ChrisHirst
ChrisHirst
gcoleman1
  • Locked
  • Question
Insert into Request.form field when empty
Replies
2
Views
144
gcoleman1
gcoleman1
gesrod
  • Locked
  • Question
Session variable
Replies
4
Views
191
gesrod
gesrod

Part and Inventory Search

Sponsor

Back
Top