Developing Web Applications
Developing Web Applications |
|
Unless you have provided a means for explicitly logging off, there is no way to determine if the user is still actively connected to your application. HTTP is a stateless protocol, and doesn’t keep track of user connections.
For this reason, ASP provides a mechanism to close a session when a specified time-out period expires. If a user begins a session but stops making requests to the Web application, ASP automatically triggers the Session_OnEnd event. The time-out period defaults to 20 minutes, but can be adjusted by setting the Timeout property of the Session object. You can also change the default value.
To change the default value
For applications that cache a database connection or consume a lot of server resources, the session time-out period may represent a time that other users cannot access server resources. If your application falls into this category, you should consider letting the user end the session when finished. You can do this by simply providing a Log Out button. When the button is clicked, the application calls the Session.Abandon method, which immediately triggers the Session_OnEnd event.
This session-time-out characteristic of Web applications is equally troublesome to applications that rely on resources requiring user authentication. If the user ignores a running application for too long, the application will end the session and log off any connections it has established. If the user makes another request, the application may not function as expected.
You can avoid this time-out problem with a little planning. One popular method of detecting session time-outs is by storing the Session object’s SessionID property as a Session variable. Then, each time the user tries to navigate to a page requiring a valid connection, you check the current SessionID against the ID stored in the Session object. If they do not match (or if the Session variable is empty), you have detected a session timeout, and you can take appropriate action.