Sean Patterson replied to hitesh kumar
29-May-07 06:16 PM

If you want to "buzz" the user to see if they're still around (my old bank site did this), you're going to have to use Javascript to have a Timeout feature. If your Session timeout is 30 minutes, your Javascript needs to fire off in 25 minutes with its alert box.
In a related note to all of this, don't forget you have the server DLL processing your app and the client code being generated. To keep a "robust" timeout in place, you need to put any necessary code in your Session_Timeout method of the Global.asax, and then use HTTP meta tags, Javascript, ClientRegisterScriptBlock to make the web page itself do your timeout functioning. I typically have a logout page that the user is redirected to via a script registration block once the allotted time is reached. I keep this value in my web.config file.
That way, after 30 minutes have expired, the proper session abandonment happens behind the scenes and the client page is redirected to a logout page to avoid any kind of confusion.