I had an application where users would routinely start working, then stop to do something else and then keep the web page open for hours on end. This would inevitably lead to some ASP.NET Session has expired messages. To combat this, there is a simple solution. Somewhere on your application's page add the following code:
<!-- The folllowing loads a blank page that refreshes 60 seconds before the session timeout to keep session from expiring -->
<iframe id="ifrmBlank" frameborder="0" width="0" height="0" runat="server" src=""></iframe>
The Blank.aspx page should just be a blank page with the following code-behind code:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
'********************************************************
'* Refresh this page 120 seconds before session timeout *
'******************************************************** Response.AddHeader("Refresh", Convert.ToString((Session.Timeout * 60) - 120))
End Sub
Some would argue (correctly in my opinion) that it's a user training issue but the reality is that all users won't always use the application as intended and this simple fix is a better alternative to setting some ridiculously high session timeout setting.