Base solution for your next web application
Open Closed

Using Seesion Variables and Session.Timeout #3195


User avatar
0
sergiop created

Hello I have 2 questions. Maybe you can help to me. I'm using MVC Single Tenant App. ASPNETZERO v1.12.2.0 [20170515]

  1. I need to store on the session the country selected from a dropdown and filter the queries based on that session value. Is there anything wrong if I use the standard method Session["Sample"] = "xxxx" instead of trying to use the samples with Claim and the custom class to store sessions as on the samples provided on this forum? I've checked and standard session variables seems to work fine.

2)On the web config file I set the session Timeout to 2 minutes, Session.timeout is returning the value 2 as expected. but the application is not redirected to the login page. Am I missing something, do I need to create the logic to do that, according to the forum it seems that it is built in. Please advice.

Thank you


9 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    1. Nothing wrong with using ASP.NET's Session. This may be a problem only if you have a web farm instead of a single server. Even in that case, you can use a distributed session adapter.

    2. Since we don't use ASP.NET's Session, changing it's value does not effect user login's timeout. Instead, you should set Cookie auth timeout. It's configuration is defined here: <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/dev/src/MyCompanyName.AbpZeroTemplate.Web/App_Start/Startup.cs#L40">https://github.com/aspnetzero/aspnet-ze ... tup.cs#L40</a> You can change it like:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        ExpireTimeSpan = TimeSpan.FromMinutes(2)
    });
    
  • User Avatar
    0
    sergiop created

    Worked Perfect !!! Thank you. Just to bypass the issue that calling a partial view, instead of loading any new page, throws an internal error message instead of redirecting to the login page. Just added this code to the layout page to redirect the page to the logout page.

    <script>
        var sessionTimeoutWarning = @Session.Timeout- 1;
        var sTimeout = parseInt(sessionTimeoutWarning) * 60 * 1000;
        setTimeout('SessionEnd()', sTimeout);
        function SessionEnd() {
            window.location = "/Account/Logout";
        }
        </script>
    
  • User Avatar
    0
    huntethan89 created

    <cite>hikalkan: </cite> Hi,

    1. Nothing wrong with using ASP.NET's Session. This may be a problem only if you have a web farm instead of a single server. Even in that case, you can use a distributed session adapter.

    2. Since we don't use ASP.NET's Session, changing it's value does not effect user login's timeout. Instead, you should set Cookie auth timeout. It's configuration is defined here: <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/dev/src/MyCompanyName.AbpZeroTemplate.Web/App_Start/Startup.cs#L40">https://github.com/aspnetzero/aspnet-ze ... tup.cs#L40</a> You can change it like:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
       AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
       LoginPath = new PathString("/Account/Login"),
       ExpireTimeSpan = TimeSpan.FromMinutes(2)
    });
    

    Even if I add ExpireTimeSpan, it has no affect on user logout. I've set time span to 1 minute and even after 5 min if I navigate to some other page, it works perfectly and does not logout user. For this 5 min, I didn't do anything on website, it was idle. How can I logout a user after expiry time?

  • User Avatar
    0
    aaron created
    Support Team

    @smartlayer Are you using MPA?

  • User Avatar
    0
    huntethan89 created

    Yes it is.

  • User Avatar
    0
    aaron created
    Support Team

    30 minutes is the default timespan for the cookie to be rechecked against the security stamp for the user. If you are using ASP.NET Core, then see the answer in Why doesn't cookie ExpireTimeSpan setting work?

  • User Avatar
    0
    huntethan89 created

    I'm using ASPNET MVC (not core) with jQuery. Can you please help with this?

  • User Avatar
    0
    huntethan89 created

    <cite>aaron: </cite> 30 minutes is the default timespan for the cookie to be rechecked against the security stamp for the user. If you are using ASP.NET Core, then see the answer in Why doesn't cookie ExpireTimeSpan setting work?

    I am still stuck on this. Changing ExpireTimeSpan does not have any affect. Can you please help me resolving this issue?

  • User Avatar
    0
    ismcagdas created
    Support Team