When you think ASP, think...
Recent Articles
All Articles
ASP.NET Articles
Related Web Technologies
User Tips!
Coding Tips

Sample Chapters
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Stump the SQL Guru!
XML Info
Author an Article
Print this page.
User Tips: Redirecting the User when the Session Expires

By Rich W.

I am building an intranet site that has different levels of security, and a current problem with the legacy software is that people spend time finding out information that they aren't supposed to have access to. The login security can be a problem if the session timeout is too long, but even then users can come by and see someone's computer screen if they don't close the browser window. I found a fix that automatically asks the users for the login and password if they just leave the browser open. In my include file that contains my login check, (this appears at the top of every asp page that requires the login security.) I added one line. Here is the file contents:

Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0

If (Session("Authenticated") <> Session.SessionID) Then
	Session("RequestedURL") = "http://" & _
	    Request.ServerVariables("SERVER_NAME") & _

	Temp = Request.ServerVariables("QUERY_STRING")
	If (Not(ISNull(Temp)) AND Temp <> "") Then
		Session("RequestedURL") = Session("RequestedURL") & _
		    "?" & Temp
	End If
End If

Line 1 addes a refresh tag that refreshes the page exactly 1 minute after the session timed out. This will cause the login page to appear and then redirect the user back to the page they were viewing.

Hope this helps someone,

Happy Programming!

Return to user tips...

ASP.NET [1.x] [2.0] | ASPFAQs.com | Advertise | Feedback | Author an Article