Trigger client side event when session in lost

Question

As some of you probably know, Facebook is using this kind of "system" where a popup is displayed when a user session is lost due to inactivity or distant session close. I already saw and read this Node.js question but didn't find anything.

I am working for a Canadian computer business our main product is a CRM and everything is coded using Classic ASP.

I know.

The whole web-based application is working great and since we host the site on our servers, it is possible if necessary to open ports and use sockets.

Here goes the main question: is there a way (using a javascript library or a jQuery plug-in maybe?) to trigger a client-side event when the session expires or is simply lost due to a server reset for example?

Of course, the best would be to use another solution than sending an AJAX request every second to validate if the user session still exists. If it can help, there is a maximum of about 3'500 users connected at the same time and our servers can easily handle more traffic. The servers are working on Windows Server 2008 along with IIS 7.

Unfortunately, I cannot provide any code blocks or screenshots for this question since there is nothing to debug.

One idea would be to use an AJAX request to a file that does not return anything and hangs there. If session is lost (inactivity or server reset), the AJAX request will trigger an error and the "error" function will be triggered. Would that be something to consider?

Or else, any other suggestions?

Answer 1

One way to do it is to set client-side timer set to the same time as session expiration time.

Let's say your session is set to expire after 20 minutes. When page loads - client-side timer set to 20 minutes kicks in. If user does any server interaction (submits form etc.) - timer is reset. But if nothing happens during this 20 minutes - timer counts down and you get your event.

Answer 2

You could do the following to achieve this, assuming you have a default session timeout of 20:00 minutes:

1. Ensure, that each user has a "session cookie" issued by you, NOT the default ASP Session Cookie.

   dim live_session_id
   live_session_id = Request.Cookies("livesession")
   if live_session_id = "" then
       live_session_id = create_unique_session_id()
       Response.Cookies("livesession") = live_session_id
   end if
   

2. Save this live_session_id in a database along with the expected session expire date

   call updateSession(live_session_id, dateadd("n", 20, now())) ' = now()+20min
   

3. Output the live_session_id somewhere on your page, so you can access it via JS.

4. Implement a serverside ASP script that checks the current session state for a given live_session_id and make it accessible in IIS in a DIFFERENT subdomain, so calls to this check will NOT refresh the ASP session. The script could return the time difference between now and session end, so you could output the duration the session will remain valid.

5. Add some AJAX code to call the check script every other second, so you could issue a warning if the session time draws to an end.

6. To make it detect IIS reset, you could clear the saved sessions in the database by implementing Application_OnStart in global.asa. This way, your clients would detect a session loss by IIS reset.

another quick and dirty method

On every page load, you could let a javascript count down from 20:00 minutes and display a session lost warning after this time. This is what my online banking system uses... :)

Answer 3

as far as i understand you the main Problem is that the user has to fill out enormous forms. that could take some time and during that time the session could expire.

furthermore the session could be ended by anything else (iisreset or so) during the time the user fills out the form.

in my understanding you do not have to notify the Client that the session is lost/expired/ended/abandoned. it would be enough to just show a Login form (Ajax or something) when the user submits the form OR the next request (by Ajax as you mentioned) is made by the Client.

the called asp script checks if the session is valid and if not a popup or overlay is shown to Login the user by Ajax first and the form is submitted afterwards.

you could think of a http Status code 401 or something to send back to the Client and the Client then Shows the mentioned Ajax Login form...