How would I use AJAX to determine if the user's session has expired and then return them to the login page?

Question

In the following scenaio, how could I make use of AJAX to check if the session if is still active and then return the user to the login page?

1. The user logs in and starts working
2. The user disappears for 10 minutes and the session times out
3. The user returns to their computer and is still on the screen they were on 10 minutes ago
4. The user submits their work, buts get returned to the login screen (by my existing Session state check) and the changes are not persisted

Ideally what I'm after is some way of checking the session state every 1 minute to see if the user is idle. If they're idle and the session is about to expire, I'd save off their changes temporarily and then then, when the Session does expire, I'd automatically change the page to the login screen before the user returns from being idle.

Is it also possible to do this without using setTimeOut()?

Answer 1

Most if this can be handled server-side.

Whenever there is server-side user activity - page load, ajax call, whatever, set a session variable

Session["last_activty"]=DateTime.Now;

In your AJAX calls and page load (could do this in a master page/nested master page for pages that require authentication), check (pseudocode)

if (DateTime.Now-DateTime.Parse(Session["last_activity"]) > 10 minutes)
  Session["logged_in"]=false;

If the page load or webmethod/webservice method determine based on the above that the user has timed out, either

a) redirect to the login page (server side), or

b) return a status code to your ajax caller which will cause a redirect or display of a login dialog.

NOTE: beware of use of real session variables as they tend not to work well/at all in clustered server environments. A better place for this type of thing is in your database.

table Users
.ID
.last_activity datetime
.logged_in - calculated column which returns if GetDate()-LastActivity > 10 minutes.