User to Login Page After Session Timeouts
In most of the
applications you might come across the situation where you need
to redirect the user to login page after session timeouts. It is simple,
if you want to redirect user to login page when the user submits
the page after session timeout. You got the control in server, you can
check for session timeout. If that is true, then you can redirect the user
to any page you want. If you implemented Authentication like Forms
authentication or Passport authentication in your applications. Then this
is done automatically when the user resubmits the page after session
But the requirement is such
that you want to redirect the user immediately after timeout to login
page before the user submits the page. In this article, I am going to
explain how we can achieve this in ASP.NET.Before we see how to redirect the the user to
login page after session timeout, we will see how to refresh any page
after certain intervals. This will help me to clearly explain
how to play with page redirection from client.
Refreshing any page after certain interval
For refreshing any page after
certain interval, you need to use client side script only. You cant do this in
server side, The reason being that the page has been served to the client, end
of request. The web is stateless; until the user comes back and initiates
another request the server can't do anything. So we need to do this refreshing
activity from client side only. There are two ways to achieve this,
1. Using Window.setTimeout method
2. Using Meta Tag - Refresh.
Using Window.setTimeout method:
Window object has a method called "setTimeout" which evaluates an
expression after a specified number of milliseconds has elapsed. With the help
of this method, you can run the client side script
window.location.href="somepage" to redirect page in the current window.
SetTimeout accepts three parameters.
||Required. Variant that specifies the function pointer or
string that indicates the code to be executed when the specified interval has
||Required. Integer that specifies the number of
||Optional. String that specifies one of the following
||Language is JScript.
||Language is VBScript.
need to call this method in body load and start the timer( by calling
setTimeout method). This timer will elapse depending upon the second
parameter for this method. When it is elapsed, it will fire the script which is
given as first parameter. So you need to add this to the body element
onload method. For adding client side event to body tag in asp.net you need to
follow this methos.
1. Declare the body tag in html window as server
control by specifing runat attribute and give an id to that tag.
<body runat="server" id= "body">< /P>< /FONT>
2. In the code behind, declare this element as
Protected WithEvents body As
3. Finally add the following code in your page_load event
handler, this will add the client side handler for body tag.
This method will refresh the page to the specified location
after 5 secs. The disadvantage of this method is, this might not work in some
lower end browsers. So you need to go for other method i.e. by using Meta
Using Meta Tag - Refresh
Another way for refreshing
the page after certain interval is by using meta tag - Refresh. This tag
specifies a delay in seconds before the browser automatically reloads the
document. Optionally, specifies an alternative URL to load. Example
<META HTTP-EQUIV="Refresh" CONTENT="3;URL=http://www.some.org/some.html">
In ASP.NET, you can add headers in code behind using this
Response.AppendHeader("Refresh", "10; URL=.aspx")
This method will reload the current window after interval
mentioned in the second parameter to the page which is mentioned as URL to
refresh. In this case page will be refreshed after 10 seconds.
Redirecting User To Login Page after Session Timeouts.
Redirecting user to login page after session timeout is similar
to refreshing the page after certain intervals method. Only thing which will
differ is that calculating time after which the page has to be redirected.
Hence time can be calculated using Session.timeout property which will give us
session timeout value for that session. Add some grace timings to that value
and redirect the user to the login page automatically.
Using Window.setTimeout method
(Session.Timeout * 60 * 1000) + 10000 & ");")
Using Meta Tag - Refresh
Convert.ToString((Session.Timeout * 60) + 10) & "; URL=Login.aspx")
Both these methods will redirect the user to login page
after session timeout + 10 seconds. This is how you can redirect the user to
login page after session timeout without user interaction.