I'm baffled. Each of our employees must sign in to our server which begins their ASP session. All the research I've done shows that we should be able to change how long this session lasts using session.timeout x
where x is the number of minutes we want the session to last, default being 20 minutes. I've changed this timeout without any consistent results.
I finally set up a function that checks to see if I am logged in every 10 seconds to see if I could nail down a consistent session length. So far the times have varied from 7 hours to 40 hours over 8 trials. I have done this both in a chrome and firefox browser to see about different session times and they have always been timed out at the exact same time. Coworkers are not getting timed out at these exact times, however.
I read something about global.asa. We either are not using this or none of us understand it well enough to know where it is.
I've also read about and tried to change the timeout sessions for the application pools in IIS. I'm doing from Windows 7 and most of the tutorials were for older versions of windows but I believe I found the correct place but I still couldn't find that the changes I was making made any difference.
tl;dr - Is there a way to find how much time is left in a classic ASP session?
The default is 10 minutes. Session. Timeout has no hard-coded limit. Most Web administrators set this property to 8 minutes.
A session automatically ends if a user has not requested or refreshed a page in an application for a specified period of time. This value is 20 minutes by default. You can change the default for an application by setting the Session.
Session timeout determines how long the server maintains a session if a user does not explicitly invalidate the session. The default value is 30 minutes.
Open up IIS. Select your website from the list of sites. Click on Session state on the right. Now enter your session timeout under the cookie settings.
There are several things that can affect the timeout length and several places where the length can be set. IIS has it's own default and this can also be set on a site by site basis. You can also set it in your application code using session.timeout
like you have suggested.
If you have created a function to check for the existence of an active session the function itself is probably keeping the session alive each time it fires. Which is why you're experiencing such long session timeouts.
A session automatically ends if a user has not requested or refreshed a page in an application for a specified period of time.
global.asa is a file you can create and include in the root folder of your web application(s). If you want or need one then just create it.
The format should be something like;
<script language="vbscript" runat="server">
sub Application_OnStart
'some code
end sub
sub Application_OnEnd
'some code
end sub
sub Session_OnStart
'some code
end sub
sub Session_OnEnd
'some code
end sub
</script>
For controlling the length of your session you can specify a value;
Sub Application_OnStart
Session.Timeout = 30 '30 mins
End Sub
One of the more accurate solutions I've found and now use would be to record a timestamp of initial login and timestamp of last activity for each specific user in a database or a cookie. Then compare the current timestamp with the data stored to determine if the session should end. You can also use this type of method to auto redirect the client to a login page after a set time of inactivity or display a "your session has expired" style message.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With