Sessions

Hi,
You'll need to use session timeout for the idle feature. You can set that in the Global file.
For the log out feature you can use session variables. When the user logs in the logged_in variable is set to true, on log out you make it false. Then each page as it loads can check the status of logged_in and act accordingly. I'm assuming you've done something similar to this already otherwise a user could bypass the login screen by typing the url of the home page into the browser.
Hope that helps.

Hi,
You'll need to use session timeout for the idle feature. You can set that in the Global file.
For the log out feature you can use session variables. When the user logs in the logged_in variable is set to true, on log out you make it false. Then each page as it loads can check the status of logged_in and act accordingly. I'm assuming you've done something similar to this already otherwise a user could bypass the login screen by typing the url of the home page into the browser.
Hope that helps.

Hey Hericles
I appreciate ur suggestions. I have to ask about the global file, do u mean web config file, and what could be the way of using session timeout i mean how to start the timer, how could possibly the brower knows when to start the timer.
And thanks for bringing that point into notice about the url. No i didnt took care of that.
This project i just started and I know what to do but HOW TO DO..some of my questions would sound weird but thats all i ve for the time being. Thanks in advance

Hi,
If you add a Global.asax file to your website you can access methods for session_start and session_end. They are managed by the server, not the browser. For example the Session_start method is called the moment a new user requests a page from the site. The timeout period can be specified there and the server monitors the inactive or total time spent by the user on the server.
I hope that helps,

Hi,
If you add a Global.asax file to your website you can access methods for session_start and session_end. They are managed by the server, not the browser. For example the Session_start method is called the moment a new user requests a page from the site. The timeout period can be specified there and the server monitors the inactive or total time spent by the user on the server.
I hope that helps,

I appreciate ur support Hericles..I am going to give it a try and let you know then.
Thanks again
Indranil

I appreciate ur support Hericles..I am going to give it a try and let you know then.
Thanks again
Indranil

hey Hericles
I did the things somehow
1. for secured pages cant be accessed without login i did make use of session variable - home.aspx(page_load event if(session["UserId"]==Null) response.redirect("login.aspx") on login page i've session["UserId"]=txtBox1.text) it works somehow.

2. if the page remains idle for say 2mins he must be redirect to the page saying"page expired"
what I did here. I included this in web.config

<system.web>
    <authentication mode="Forms">
        <forms defaultUrl="~/LoggedIn.aspx" loginUrl="~/Login.aspx" protection="All" path="/" slidingExpiration="true" timeout="2"/>
    </authentication>
<sessionState timeout="2" mode="InProc"  cookieless="true"/>
  </system.web>

so it gets redirected to the login page after 2 mins when i refresh the page.

3. once logout i used session.abandon() in the logout.cs so if click the back button it does goes to the previous page but once refreshed it goes tothe login page
- in short all this works somehow

No i want to know if this is the correct way of doing???
and how to make use of Global.asax here, I know there are functions but what n how to write inside...just want idea.

Thanks alot in advance
Indranil

Hi,
It sounds like you are on the right track. The session_start and session_end in the global.asax file can be used if there are any other tasks you want to achieve e.g. saving user data to a database (time on site, pages viewed, etc).

Thanks a lot:)