Session Timeout

Cerberus · 04-07-2000 10:49am #1

Hi, I have an ASP question
When a session times out, the Session_onEnd sub is called from the Global.asa. Is there any way of displaying an message to the user notifying them of this event from this sub. I am running an intranet which has a lot of functionalities that employees would use on a regular basis, so employees would have the intranet open on there browser all the time but not necessarily be using it. I have tried displaying message boxes but they don't seem to work. I don't want to have a independant function constantly running checking for the timeout event and then displaying a notice since the timeout property is already doing this for me.

Any ideas??

T.I.A.

ButcherOfNog · 05-07-2000 1:00pm

you have a few options

1. don't use session variables, therefore they won't time out.
2. increase the timeout length, so its less likely to time-out, but you will be tying up server resources by doing this.
3. code something kewl to get around the problem gracefully.

whats the problem with the timeout anyways, are the users losing data because of it? or just getting annoyed over having to login to the intranet again, or do they have to login ... impossible to give specific advise as it depends on how and what the system does.

Cerberus · 05-07-2000 2:18pm

Certain users have certain priviledges. When a user with priviledges' session times out they will just be left with the bare intranet, the same as what an ordinary user would see. The extra menu options will disappear from the menu and I am going to get a rake of e-mails from HR telling me my intranet is messed up. The timeout is currently 60 minutes but I don't want to make it longer for security settings - with the right priviledges in the wrong hands one could really fcsk up things.

Thanks for the ideas anyway..

ButcherOfNog · 06-07-2000 3:25pm

code it to re-authenticate after it times out, rather than just continuing on without the authenticated privilages, rather than losing options, they'll have to re-enter their login dets and then continue on from where they were. should b simple enough to do

Cerberus · 06-07-2000 5:42pm

You would imagine it would be simple to do but it's not. The security part of it was outsourced to another company I think. It comes with a 10 page 'manaul' full of ADSI sh1t I don't understand. (See I am only an undergrad on work experience). I found another way around it but it involved including a file in every page which is messy and I couldn't be arsed doing it. You're idea sounds good though. I will investigate it and try to get away without consulting the 'manual'.

Thanks.
NiG

Lucutus · 07-07-2000 10:51am

Trust me mate, the way you found by including a file, is more than likely the way to go, write a little proggie to append the files to the beginning of every file in your intranet directory structure if it makes it easier, but you do need that include

Lucutus of Borg

Cerberus · 07-07-2000 1:09pm

I think you're right man. Thanx. I am a bit suspicous though about the way the session is set up. The session should end when the abandon method is called or when the timeout event occurs (i.e a user doesn't request an asp page for a certain lenght of time), but in my site the session doesn't end unless you request an asp page after that length of time(60 minutes). To be more clear, if I request a page after 60 minutes, my session is still alive, I am given the asp page I want, then my sesion ends. Any ideas why this is so?

Session Timeout

Comments