简体   繁体   中英

Redirect after inactivity in ASP using Session.Timeout

I have an intranet application written in classic ASP.

Whenever a user has been inactive for longer than the session time, I want the page they're on to reload which will redirect them back to the login page because the session variables will be empty.

I've tried a bunch of solutions, none of which seem to work reliably across all browsers.

It should be no surprise that IE is giving me the most problems.

Anyway, in my login script, I set the session timeout as so:

Session.Timeout = 15

I tried using the meta refresh tag but in IE (all versions) sometimes it would work, sometimes it wouldn't and I can't figure out why. I would take the session timeout and add one second like so:

<meta http-equiv="refresh" content="<% = CInt(Session.Timeout + 1) * 60  %>;url=/?timeout=true" />

Sometimes IE would do the refresh and other times it would just sit there. I know the session is timing out because when the browser wouldn't execute the refresh, if I hit refresh, I get directed to the login page.

Is there something funky about meta refresh and IE I'm missing?

The second approach I tried was to use JavaScript. Since JavaScript is required to be enabled for the intranet application, this seems like a good option which I implemented as so:

<% iTimeout = CInt((Session.Timeout * 60) + 1) * 1000 %>
<script>window_refresh = window.setTimeout(function(){window.location.href=window.location.href+"?timeout=true"},<% = iTimeout %>);</script>

Now this reliably reloads the page but it seems as if the timer on the server and the timer JavaScript is using in the browser are off because when the page is reloaded sometimes, the session is still valid.

I've tried changing the + 1 to +60 and that works most of the time but even then sometimes the page will refresh while the session is still valid.

Am I approaching this issue correctly?

I would definitely also approach the issue through JavaScript.

However, instead of redirecting the user back to the login page I would create some kind of keepalive script that runs every few minutes to make sure the session never times out if the user still has the page open in the browser.
If this is not a usable solution for some reason in your case, I would as a minimum remember to alert the user that the redirect is about to happen to avoid sudden redirects that totally suprises the user.

Anyway.. To answer your problem:

Does your page also load other resources like images, stylesheets and other stuff?

Files like these are loaded after the HTML is processed and if the JavaScript timeout is started before the last of the files are loaded, you may end up in a situation where the JavaScript timeout is started before the session timeout is started.

In this case the JavaScript timeout will trigger before the session timeout and that makes the redirect occur before the session timeout.

You say that you have tried increasing the amount of extra seconds to 60 and that the problem still occurs sometimes. Are you sure that no files are loaded after the JavaScript timeout is started? I would investigate this a bit, because it sounds like something resets the session timeout in your system.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM