All geek questions in one place

Managing Session Timeouts in ASP.NET

I have an ASP.NET 2.0 web application that works with several ASP.NET 2.0 web services. Both use ASP.NET sessions to save session data.

To warn the user about application session timeouts, I use a modified version of Travis Collins Timeout Control to show the ModalPopupExtender called "Your session is expiring" and the "Stay logged in" and "Logout" buttons. When you click "Stay logged in" it makes a callback to an empty method, which resets the session timer (I believe because each HttpRequest calls a call to ResetItemTimeout ).

In order to prevent a session in the services timeout before it was in the application, I established that their timeouts are longer and plan to call them an empty method when the session timer is reset in the application. However, the session state event for the reset timer.

Do I need to override ResetItemTimeout ? How can I do it? Or is there another way to achieve my goal (for example, keeping a maintenance session while the application service is alive)? I am considering expanding my timeout to send heartbeats through an application (e.g. Tim Mackey's idea ).

+4
source share
3 answers

I'm not sure I will follow. Are you saying that calling an empty method in webservice does not mean resetting the session timer?

Also, this seems like a lot of overhead. Why not configure your web application and web services to use the same session cookies?

0
source

When a .Net application calls a web service, this .Net web application is the client and to which the session belongs. A web service session — at best — is specific to a .Net web application, not to a user with a browser that was a client of the web application.

I think the default case is even that the session starts every time a web service call is made (web service calls do not save the cookies that are required for the session state), so it does not store anything between calls. But I did not check it now. There are several ways to make a call, and I think some of them store cookies, and some do not.

But anyway: in your scenario there is no reason to use a session in web services: for web services there is only one client (web application), so you can also use the state of the application if you need to cache data or something in it kind.

0
source

If you are going to more or less automatically extend the waiting time, why not just set it very high for starters? KISS. and save yourself the trouble of writing code where you really don't need to.

-1
source

Source: https://habr.com/ru/post/1301609/

More articles:


All Articles