Re: infinite session timeout

From: William F. Robertson, Jr. (theman_at_fdrsucks.com)
Date: 12/06/04 

Date: Mon, 6 Dec 2004 09:39:55 -0600

No, the server does not not about a user that has closed their browser and
will remain in memory. Worse yet, if you have a user that logs in then
closes their browser, then logs in again, you know will have two sessions on
your machine. You can see how this can quickly fill up your machine's RAM.

You should keep the timeout. You seem to want to have the user not log on
every time they come to your site. I am assuming you are using forms
authentication?

With forms authentication you have a login page defined. On the page_load
for the login page, you should just check for the cookie, validate the user,
set up their information(?), then redirect them to the page they were trying
to hit. Basically you have the btnLogin_Click code, also in the page_load
that processes the cookie.

It will be somewhat transparent for your users when their session does
timeout.

Would this solution work for you?

bill

"Joe Abou Jaoude" <anonymous@devdex.com> wrote in message
news:%23v%23Hpb52EHA.2016@TK2MSFTNGP15.phx.gbl...
>
>
>
>
> hi,
>
> I have a web app with forms authentication and a timeout session of 20
> mins for security reasons. I recently added a feature that allows users
> (if they want to) to automatically log in (without entering username and
> password) using the cookies. Now in this case the 20 mins session
> timeout has no meaning anymore so I m thinking to make the timeout
> infinite in this case only.
>
> my question is, if i do this, and then a user used the application and
> closed the browser , does the server knows that this session is no
> longer needed and removes it from memory even if the timeout is infinite
> ?
>
>
>
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!

Relevant Pages

  • Re: Best implementation of setTimeout / clearTimeout
    ... the problem I may have is memory leaks and this is ... setTimeout are not being cancelled properly with clearTimeoutand over ... timeout objects are getting retained and over time memory is being ... There are other factors to consider, though: browser version (2.0.x leaked ...
    (comp.lang.javascript)
  • Re: seeing who is using the site..
    ... course happily start a session anyway. ... That is why session timeout, eg after half an hour of no activity. ... untill *all* instances of that browser is closed. ... with the same session cookie. ...
    (comp.lang.php)
  • Re: seeing who is using the site..
    ... If you demand them to log in, you know WHO they are, as opposed to unknown visitors that happen to start a session with your site. ... If you store the session in a db, they will get deleted after that timeout has expired. ... A browser keeps a session cookie untill *all* instances of that browser is closed. ...
    (comp.lang.php)
  • Re: seeing who is using the site..
    ... If you demand them to log in, you know WHO they are, as opposed to unknown visitors that happen to start a session with your site. ... If you store the session in a db, they will get deleted after that timeout has expired. ... A browser keeps a session cookie untill *all* instances of that browser is closed. ...
    (comp.lang.php)
  • Re: How to end a session when the user closes the browser?
    ... nothing happens on the server when the browser is closed. ... > session ends. ... I don't want to depend on the session timeout factor since ...
    (microsoft.public.dotnet.framework.aspnet)
Loading