Login/Register
Classic ASP session timeout quandry
Asked Answered
Solved sessioniisasp-classiciis-7.5session-timeout
J

1

6

I'm baffled. Each of our employees must sign in to our server which begins their ASP session. All the research I've done shows that we should be able to change how long this session lasts using session.timeout x where x is the number of minutes we want the session to last, default being 20 minutes. I've changed this timeout without any consistent results.

I finally set up a function that checks to see if I am logged in every 10 seconds to see if I could nail down a consistent session length. So far the times have varied from 7 hours to 40 hours over 8 trials. I have done this both in a chrome and firefox browser to see about different session times and they have always been timed out at the exact same time. Coworkers are not getting timed out at these exact times, however.

I read something about global.asa. We either are not using this or none of us understand it well enough to know where it is.

I've also read about and tried to change the timeout sessions for the application pools in IIS. I'm doing from Windows 7 and most of the tutorials were for older versions of windows but I believe I found the correct place but I still couldn't find that the changes I was making made any difference.

tl;dr - Is there a way to find how much time is left in a classic ASP session?

Jobless answered 13/11, 2013 at 14:19 Comment(0)
O
6

There are several things that can affect the timeout length and several places where the length can be set. IIS has it's own default and this can also be set on a site by site basis. You can also set it in your application code using session.timeout like you have suggested.

If you have created a function to check for the existence of an active session the function itself is probably keeping the session alive each time it fires. Which is why you're experiencing such long session timeouts.

A session automatically ends if a user has not requested or refreshed a page in an application for a specified period of time.

global.asa is a file you can create and include in the root folder of your web application(s). If you want or need one then just create it.

The format should be something like;

<script language="vbscript" runat="server">

sub Application_OnStart
    'some code
end sub

sub Application_OnEnd
    'some code
end sub

sub Session_OnStart
    'some code
end sub

sub Session_OnEnd
    'some code
end sub

</script>

For controlling the length of your session you can specify a value;

Sub Application_OnStart
    Session.Timeout = 30 '30 mins
End Sub

One of the more accurate solutions I've found and now use would be to record a timestamp of initial login and timestamp of last activity for each specific user in a database or a cookie. Then compare the current timestamp with the data stored to determine if the session should end. You can also use this type of method to auto redirect the client to a login page after a set time of inactivity or display a "your session has expired" style message.

Outdo answered 13/11, 2013 at 15:20 Comment(2)
Alright, this is getting me on to the right track. I removed my ajax function that was checking whether the session had timed out and now it appears that I'm getting consistent 2 minute time outs (the time I set within IIS, not session.timeout). This is pretty huge to have some kind of consistent reason. However, if my every 10 second ajax call was refreshing session, how come I was ever logged out at all?Jobless
@Jobless the IIS app pools that handle session state are normally recycled automatically, depending on your app pool recycle settings. This will force the session to expire regardless, although usually not more than once a day. The default is to recycle every 1740 minutes.Outdo

© 2022 - 2024 — McMap. All rights reserved.