To read the article online, visit

User Tips: Redirecting the User when the Session Expires

By Rich W.

I am building an intranet site that has different levels of security, and a current problem with the legacy software is that people spend time finding out information that they aren't supposed to have access to. The login security can be a problem if the session timeout is too long, but even then users can come by and see someone's computer screen if they don't close the browser window. I found a fix that automatically asks the users for the login and password if they just leave the browser open. In my include file that contains my login check, (this appears at the top of every asp page that requires the login security.) I added one line. Here is the file contents:

Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0

If (Session("Authenticated") <> Session.SessionID) Then
	Session("RequestedURL") = "http://" & _
	    Request.ServerVariables("SERVER_NAME") & _

	Temp = Request.ServerVariables("QUERY_STRING")
	If (Not(ISNull(Temp)) AND Temp <> "") Then
		Session("RequestedURL") = Session("RequestedURL") & _
		    "?" & Temp
	End If
End If

Line 1 addes a refresh tag that refreshes the page exactly 1 minute after the session timed out. This will cause the login page to appear and then redirect the user back to the page they were viewing.

Hope this helps someone,

Happy Programming!

Return to user tips...

Article Information
Article Title: User Tips: Redirecting the User when the Session Expires
Article Author: Rich W.
Article URL:

Copyright 2019 QuinStreet Inc. All Rights Reserved.
Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers