Home About Us SQL Interview Book Contact Us RSS
Code Snippets
Tips & Tricks
Code Snippets

Saravana Kumar
Vinod Kumar

Redirecting User to Login Page After Session Timeouts

     In most of the applications you might come across the situation where you need to redirect the user to login page after session timeouts. It is simple, if you want to redirect user to login page when the user submits the page after session timeout. You got the control in server, you can check for session timeout. If that is true, then you can redirect the user to any page you want. If you implemented Authentication like Forms authentication or Passport authentication in your applications. Then this is done automatically when the user resubmits the page after session timeouts.

     But the requirement is such that you want to redirect the user immediately after timeout to login page before the user submits the page. In this article, I am going to explain how we can achieve this in ASP.NET.Before we see how to redirect the the user to login page after session timeout, we will see how to refresh any page after certain intervals. This will help me to clearly explain how to play with page redirection from client.  

Refreshing any page after certain interval

     For refreshing any page after certain interval, you need to use client side script only. You cant do this in server side, The reason being that the page has been served to the client, end of request.  The web is stateless; until the user comes back and initiates another request the server can't do anything. So we need to do this refreshing activity from client side only. There are two ways to achieve this,

                    1. Using Window.setTimeout method
                    2. Using Meta Tag - Refresh. 

Using Window.setTimeout method:

              DHTML Window object has a method called "setTimeout" which  evaluates an expression after a specified number of milliseconds has elapsed. With the help of this method, you can run the client side script window.location.href="somepage" to redirect page in the current window. SetTimeout accepts three parameters.

vCode Required. Variant that specifies the function pointer or string that indicates the code to be executed when the specified interval has elapsed.
iMilliSeconds Required. Integer that specifies the number of milliseconds.
sLanguage Optional. String that specifies one of the following values:
JScript Language is JScript.
VBScript Language is VBScript.
JavaScript Language is JavaScript.

             You need to call this method in body load and start the timer( by calling setTimeout method). This timer will elapse depending upon the second parameter for this method. When it is elapsed, it will fire the script which is given as first parameter. So you need to add this to the body element onload method. For adding client side event to body tag in asp.net you need to follow this methos.

1. Declare the body tag in html window as server control by specifing runat attribute and give an id to that tag.

                                <body runat="server" id= "body">< /P>< /FONT>

2. In the code behind, declare this element as htmlgenericcontrol like this.            

  Protected WithEvents body As System.Web.UI.HtmlControls.HtmlGenericControl    

3. Finally add the following code in your page_load event handler, this will add the client side handler for body tag.

 body.Attributes.Add("onLoad", "window.setTimeout(""window.location.href='<somepage>.aspx'"",5000);")     

This method will refresh the page to the specified location after 5 secs. The disadvantage of this method is, this might not work in some lower end browsers. So you need to go for other method i.e. by using Meta Tags.

Using Meta Tag - Refresh

    Another way for refreshing the page after certain interval is by using meta tag - Refresh. This tag specifies a delay in seconds before the browser automatically reloads the document. Optionally, specifies an alternative URL to load. Example

               <META HTTP-EQUIV="Refresh" CONTENT="3;URL=http://www.some.org/some.html">

In ASP.NET, you can add headers in code behind using this method.

             Response.AppendHeader("Refresh", "10; URL=.aspx")

This method will reload the current window after interval mentioned in the second parameter to the page which is mentioned as URL to refresh. In this case page will be refreshed after 10 seconds.

Redirecting User To Login Page after Session Timeouts.

Redirecting user to login page after session timeout is similar to refreshing the page after certain intervals method. Only thing which will differ is that calculating time after which the page has to be redirected. Hence time can be calculated using Session.timeout property which will give us session timeout value for that session. Add some grace timings to that value and redirect the user to the login page automatically.

Using Window.setTimeout method

body.Attributes.Add("onLoad", "window.setTimeout(""window.location.href='login.aspx'""," & (Session.Timeout * 60 * 1000) + 10000 & ");")

Using Meta Tag - Refresh

Response.AppendHeader("Refresh", Convert.ToString((Session.Timeout * 60) + 10) & "; URL=Login.aspx")

Both these methods will redirect the user to login page  after session timeout + 10 seconds. This is how you can redirect the user to login page after session timeout without user interaction.