session timeout with master pages when redirect to another page

https://stackoverflow.com/questions/20366445

28-08-2022
|

Question

I'm Using Session Value in Master page by using

sessionTimeout = <%= Session.Timeout %> ;

SessionTimeout=20

I'm using this function to decrease the session value.

sessionTimeout = <%= Session.Timeout %> ;
        now = new Date();
        newtime = now.setMinutes(now.getMinutes() + parseInt(sessionTimeout));
    function Session_Expiry(session1) {
        now = new Date();
        diff = newtime - now;
        days = Math.floor(diff / (1000 * 60 * 60 * 24));
        hours = Math.floor(diff / (1000 * 60 * 60));
        mins = Math.floor(diff / (1000 * 60));
        secs = Math.floor(diff / 1000);
        mm = mins - hours * 60;
        ss = secs - mins * 60;
        if(mm<10 && mm>=0)
        {
            mme='0'+mm;
        }
        else
        {
            mme=mm;
        }
        if(ss<10 && ss>=0)
        {
            sse='0'+ss;
        }
        else
        {
            sse=ss;
        }
        sessionresult ='Session will expiry in '+ mme + ':' + sse + ' Secs';
        document.getElementById(session1).innerHTML = sessionresult;
        if(secs<=0)
        {
           window.location.href='Login.aspx';
        }
        setTimeout('Session_Expiry("'+session1+'");','1000');
        return true;
    }

and i'm decrementing this value,by using java script. It is working fine. but when i redirect to another page the session value is staring from 20. How can i resist this, I want the output , when i redirect to another content page of master page, the session value has to be start with the previous value, not from initial value.

Thanks in advance.

Solution

Unless I've misread your question I don't think you understand the concept of Sessions within asp.net. When a session is active (i.e. a user has first logged into your website), IIS will maintain a session on the server for them that will expire if it receives no more requests for that user within a defined time period (the default is 20 minutes). When you redirect to another page the session timeout will again be reset to 20 minutes.

This has a very practical and logical purpose, imagine logging into a website knowing that no matter how much you used the site you would be forced to login every 20 minutes.

Another issue with your code above is that when you reload the page, you're reading the same session timeout value (which has never changed).

I would really recommend against 'rolling your own' session manager like the above, asp.net has all of this built in.

You should be using something like:

<authentication mode="Forms">
   <forms loginUrl="~/Pages/Account/Login.aspx" timeout="40" slidingExpiration="true" />
</authentication>
<authorization>
   <deny users="?"/>
</authorization>
<sessionState timeout="20" cookieless="false"></sessionState>

Have a look at this question for an explanation.

Also have a look here for a more detailed explanation about sessions.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow