Redirecting the user when the session ends
I've noticed that a lot of banking websites redirect you back to their main page (or a page informing you what has happened) after a certain amount of inactivity. I think this is actually quite good for the user's experience as if I've left a site open for a while, usually I have to make another request before the site tells me that my session has ended and asks me to login again.
There's a few ways that this could be implemented in ASP.NET and some of the most common are probably accomplished by using a javascript redirect or adding a meta tag to the page. As I always use Master Pages in my applications, the approach I've started to use is to add a header to the response in the page load event so that any page that uses this Master Page will always have this header. It's quite simple to implement and looks to be quite efficient:
Protected Sub Page_Load(ByVal
sender As Object,
ByVal e As
System.EventArgs) Handles Me.Load
If Not Page.IsPostBack Then
Response.AppendHeader("Refresh", (Session.Timeout * 60) + 5
& "; Url=SessionEnded.aspx")
End If
End Sub
You can decide whether to have a separate page that is responsible for showing a message to the user, or you could just redirect them back to the login page if you wanted.