Menu
I have a ASP.NET website which uses forms authentication. The timeout is twenty minutes.
I have noticed that if a user half completes a form, and is then timed out, they are redirected to the login page, fill it in, and are redirected back to the form but with EMPTY controls.
I had prevously assumed that ASP.NET would use some skulduggery to repopulate the form controls when this happens.
Are there changes I can make to make sure it does?
468
There are two ways to set a session timeout in ASP.NET. First method: Go to web. config file and add following script where sessionstate timeout is set to 60 seconds.
The Timeout property can be set in the Web. config file for an application using the timeout attribute of the sessionState configuration element, or you can set the Timeout property value directly using application code. The Timeout property cannot be set to a value greater than 525,600 minutes (1 year).
The Forms Authentication Timeout value sets the amount of time in minutes that the authentication cookie is set to be valid, meaning, that after value number of minutes, the cookie will expire and the user will no longer be authenticated—they will be redirected to the login page automatically.
Select System administration > Setup > System parameters to open the System parameters page. On the General tab, in the Session management section, enter a value in the Session inactivity timeout in minutes field. Select Save. If you set the value to greater than 30, you will be prompted to confirm your selection.
I think the best solution to your problem is to set the slidingExpiration attribute to true on the forms authentication element in web.config. This way the user only loses his/her data when they take in excess of 20 minutes to fill in the form.
The problem occurs because asp.net "remembers" values that have been entered in the form by means of a concept called viewstate, which is basically just a hidden form field. When the server does a redirect to the login page, all form fields are lost because a redirect cannot contain POST data.
If you want your users to be able to take longer than 20 minutes to fill in the form, you can consider having some javascript on the page containing the form, which makes an ajax call to the server every x minutes. With sliding expiration, this will reset the session expiration time everytime the ajax call is fired, and thus it will never log your user out as long as they are viewing the page containing the form.
192
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
