MVC sessions with auto-refreshing site - javascript

I am looking into session issues I have, but before I post my other questions I need to clarify something.
When a website is designed with JavaScript code that keeps refreshing the site (say every 5 seconds), I would expect that to be the same as a user clicking on links that reload fresh copies of the page, and further I would expect that to keep the site in session until the end of time.
However the session (ie, my session variables) does time out (I think at the 20 min default, but I'm not sure yet).
What's the expected behavior when a page auto-refreshes? Timeout or no timeout ?
Thank you,
Simon

I suppose you have forms authentications that stores cookies that are get expired in 20 minuts, page refresh doesn't extends the exipration. Look Here for possible options, sliding expiration may help.

Related

How to update a column of a DB table when closing the browser in PHP?

I am creating a website where I have in DB a table called users with a column status_login, if the user starts session the column updates to 1, if he closes session through the logout button the column updates to 0, this so as not to have two at the same time open sessions.
The problem is that if the user closes the browser then the status_login column does not update and remains at 1, then when logging in again it is not possible since the status is at 1.
I was researching on the subject so what I found is that using a JS function with Ajax I can catch the event when closing the browser, if it works, but the problem is that this event is not compatible with some browsers, or there are problems when using it, for example, in FIREFOX it works fine, but not in Chrome. There are many topics on this but I have not found an updated or helpful answer.
Do you have any idea how to solve this problem? On the banks page, if you close the browser, is the session closed, how is this possible? Has anyone already had the same problem?
I think you try to do get user online time. in that case this not good idea but i think it's work.
you can time to time request send on browser using java script (AJEX) and in server side you can update is online time on db. if browser send request time gap greater than with last update time it mean user go off line.
previously i have similar problem and i solve it like this idea.

Store data for session with an expiration date

I am building a mobile application in Angular (Ionic 5 to be precise) and I need a way to keep session data during my users workflow.
I considered using the sessionStorage for that, but one important thing is that my user session should expire automatically after 5 minutes. So I would like to store data and reset those data if the user finish the workflow or reset them if the user didn't finished the workflow within 5 minutes.
What is the best way to do this?
Store the expiry time along with the data in sessionStorage and when reading the key, check the time to make sure it is still valid for usage.
See this article for reference.
I can't include a Stack Snippet here because it fails on security privileges (editing the localStorage etc.), so here's the link to try this on GitHub.
You can use the user reaction events(click, keypress, ...etc) to refresh your session and made any control you want ! something like (click)="refreshSession()". All your controls will be made inside the refreshSession()

Change ASP.NET session timeout programmatically

Here is a new requirement that I need help with. Our users request that 2 minutes before the session timeout, warn them. (i can use a global javascript to check on every page since once a page is loaded, the session reset and by default, another 20 minutes is extended). at the 18th minute, a javascript popup shows up, asking the user "You have two minutes left before being logged off. Do you want to extend the session"?
Up to here, all is fine. But then once they hit "Extend it", then what? I don't want to refresh the page because the data they've already entered will be lost. Is Ajax needed? If so, what is the programmatic way to extend the current session? (not modifying web.config just to be clear)
Also, say they are talking to someone and did not see the javascript confirmation during the 2 minute. Is there anyway to "hold" the session, till the user decides to do something?
Thanks
I was recently working on a similar problem. With ASP.Net every call back to the sever resets the session timeout period. So a Ajax call is going to be your best bet.
As for holding the session, are you actually storing anything in the Session object that needs to be maintained? Or when you say session do you mean the period that the user is authenticated for? If it is truly Session and you are not storing data then it shouldn't matter id it expires. You may want to take a look ar the below link.
Forms authentication timeout vs sessionState timeout

session_destroy() with JavaScript

I'm looking for a JavaScript code to destroy the session of users which aren't active. (It's for a live chat site)
Expiry:
The website detects every 5 minutes the activity of a user and then it updates the database with the last activity timestamp. So if the user didn't wrote since 2 minutes ago, the last activity timestamp would be time()-120 (120=2minutes)
And now I will that a js code can detect if the last activity timestamp is more than 300 seconds (5 minutes in seconds) ago, to destroy the session of the inactive user.
With php it would be easy, only it would need a refresh of the page and then the user would be logged out. Is there a chance to do this with javascript without refreshing the page? If inactive -> destroy session and automatically logout, so the user can't write anymore.
Thank you.
The session is a backend concept and can not be directly controlled with frontend Javascript. Sessions refer to information that is stored on the server and linked to the frontend user in some way, usually with a session cookie.
What you can do is either remove the cookie and wait for the session to die on the server, or write a PHP script that invalidates the session immediately and call that over AJAX. Either way, you'll have to change the UI with Javascript to let the user know they've been logged out, for example by disabling the text inputs and halting the script that polls for new messages.
Please also note that terminating the session for an idle user without warning is bad UX and will annoy your users. At least give them a notice beforehand that their session will be dropped in two minutes because of inactivity so they can react to stay online.

Saving the time the user is logged on

In the application I am developing I have to store the time some particular users remain logged into the application, unfortunately, in web applications, there are several ways the user can log off.
User clicks log off.
User session expires.
User closes the window.
User types another site URL in the address bar.
The first one is quite easy because the application gets control of the logging off process. But in the other ones, it gets tricky.
What would you do to solve this problem?
On each page view, update your count. If they log out, then you've got an accurate measure. If they navigate away, or any other method, then the most that you're out is the length of time they were on one page.
If it were really really important to have an accurate measure, then perhaps an AJAX "heartbeat" every minute, but that's most likely overkill.
Well for #3 and #4 you can attach something to the window.onunload event that gets you the time for calcuations, but be careful that your code is fast enough that the page doesn't completely unload before your AJAX request can be sent.
As far as #2 goes, the "heartbeat" suggested by nickf is probably the best solution there.

Categories