There is a point to this story, but it has temporarily escaped my mind...
Contact Me MyFaceBook MyLinkedIn MyGitHub MyTwitter

Interesting Session Timeout Issue in ASP.Net MVC

A co-worker of mine recently discovered an interesting session timeout issue in one of the MVC application he is developing. In the application, he used the Meta Refresh tag to redirect to a Sign Out page which destroys the session state and authentication cookies. He noticed that sometimes it just would not work. If you have a browser with only one tab, it worked most of the time. Multiple tabs seemed to increase the possibility of it not doing anything.

<head runat="server">
    <meta http-equiv="Refresh" content="1140;url=/Authentication.mvc/SignOut" />
</head>

He was a bit surprised when researching this to find out that apparently using Meta Refresh to expire session state is discouraged:

As a test, He added the following delayed function to the $(document).ready JQuery function (sort of similar to the Body OnLoad event, except that it fires after all loading is complete):

        $(document).ready(function () {
            setTimeout(function () {
                var $viewDialog = $('<div></div>')
                .html('Session has exceeded inactivity timeout.  <br />Redirecting you to the logon page.')
                .dialog({
                    autoOpen: false,
                    title: 'Session timed out.'
                });
                $viewDialog.dialog('open').delay(15000).fadeOut(function () { $(this).dialog('close') });
                "document.location='https://application.domain.url/Authentication.mvc/SignOut';"
            }, 1100 * 1000);
        });

The nice thing about this function is that before redirecting, it displays a dialog for a few seconds just in case the end-user notices what is happening. After making this change, the pages seem to timeout and redirect to the Sign Out page much more reliably.

Copyright © 2015 by Julian Easterling. SOME RIGHTS RESERVED.

Creative Commons License
Except where otherwise noted, content on this site is
licensed under a Creative Common Attribution-Share Alike 4.0 International License.


All of the opinions expressed on this website are those of Julian Easterling and
do not represent the views of any of my current and previous clients or employers in any way.

If you notice an error on the site or content that has not been properly attributed, bring
it to my attention using the contact page and I will endeavor to fix it as soon as I can.

I accept no responsibility or liability for any damages incurred by following any of
my advice or by using any of the information on my site or of those sites that I link to.