User Tips: Redirecting the User when the Session Expires
By Rich W.
I am building an intranet site that has different levels of security, and
a current problem with the legacy software is that people spend time
finding out information that they aren't supposed to have access to. The
login security can be a problem if the session timeout is too long, but
even then users can come by and see someone's computer screen if they
don't close the browser window. I found a fix that automatically asks the
users for the login and password if they just leave the browser open. In
my include file that contains my login check, (this appears at the top of
every asp page that requires the login security.) I added one line. Here
is the file contents:
Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0
If (Session("Authenticated") <> Session.SessionID) Then
Session("RequestedURL") = "http://" & _
Request.ServerVariables("SERVER_NAME") & _
Request.ServerVariables("SCRIPT_NAME")
Temp = Request.ServerVariables("QUERY_STRING")
If (Not(ISNull(Temp)) AND Temp <> "") Then
Session("RequestedURL") = Session("RequestedURL") & _
"?" & Temp
End If
Response.Redirect("/login.asp")
End If
|
Line 1 addes a refresh tag that refreshes the page exactly 1 minute after
the session timed out. This will cause the login page to appear and then
redirect the user back to the page they were viewing.
Hope this helps someone,
Happy Programming!
