Extend Forms Authentication Ticket Depending on Session Time Out

I know that this subject is not new! but last week one of my students asked me about how we can extend client authentication ticket according to session time out. We should do some coding to achieve such a goal.

I’ll suppose that you have a master page or a main page with frames (no frames for master page) step by step let us do the following;

  • Create such a JavaScript inside your main page

<script type="text/javascript">    var timeOut = setInterval("ExtendSessionPopup();", 19 * 60 * 1000)

    function ExtendSessionPopup() {

indow.open('puppoPageUrl,'anycontent','width=455,height=435, status'); }</script>

In the code above we created a small counter to count the session time out time which is 20 min by default. Here I used 19 min because I’ll give the popup 1 min to count done.

  • Create a popup page that will tell the client that his session will expire within 1 min and ask him/her if he/she want to extend it. But 2 buttons on the popup, one to extend the session and the other to close session. On page load do this

    protected void Page_Load(object sender, EventArgs e)
        {
              if (!Page.IsPostBack)
            {
                StringBuilder st = new StringBuilder();
                st.Append("<script type=\"text/javascript\">");
                st.Append("setTimeout(\"ClosePopup();\", 60 * 1000);");
                st.Append("function ClosePopup()");
                    st.Append("{window.opener.parent.location = \"Login.aspx\";window.close();}");
               st.Append("</script>");

               Response.Write(st);
            }
        }

you may use a small counter to count down on the popup window for 60 sec.
Here the code above tells the popup to redirect Client to login page after 60 sec for popup rise.
Now; let us edit the click event of the Buttons;

Session Extend button

protected void lnkExtendSession_Click(object sender, EventArgs e)
  {

FormsIdentity fi = (FormsIdentity)HttpContext.Current.User.Identity;
        FormsAuthentication.RenewTicketIfOld(fi.Ticket);
      Response.Write("<script>window.close();</script>");
        }

The code above extends session for another 20 min (if the user stays ideal all that time).

End Session Button

protected void lnkEndSession_Click(object sender, EventArgs e)
    {
        Response.Write("<script type=\"text/javascript\">window.opener.parent.location = \"Login.aspx\";window.close();</script>");
    }

The code above will close the session if client click end session link button.

In this way we can give our client to extend his/her session from the popup and if the client is a way from the pc the popup will end the session and redirect the main page to login page. By the way in this article I used session duration as 20 min, there for its hard coded.

Hope this Helps

1 Comment

Comments have been disabled for this content.