Although it is possible to increase session timeout (see ASP.NET session timeout and expiration tutorial), this is not scalable option. every session variable requires some memory on server. If website has many visitors and a lot of session variables, increasing of timeout too much could spend all available memory and decrease website performances. If session timeout is increased, server will keep all sessions, including unimportant sessions from visitors who leaved website. As better solution, you can make periodical requests from client side, which will keep session alive only if browser is still showing your page. In that purpose, we can use JavaScript, jQuery, Meta Refresh or ASP.NET Ajax
How to keep ASP.NET session alive using JavaScript
ASP.NET just remembers time of last request and it doesn't know if visitor is closed browser window or is just doing something else and will return soon. It is certainly worthless to keep session values of user who leaved website. It would be better if we could keep live sessions of visitors who still have page opened.
Solution for this is to use JavaScript that will make periodic calls to some .aspx page on website, restart session timeout and keep session alive in that way. Implementation code will use JavaScript setInterval function. It could look like this:
<%--
In this example, image will be used to keep session alive,
By changing image's src parameter, we'll make periodical requests
to web server.
--%>
In this example, RefreshSessionState.aspx page will be called every minute. This is far less than default session timeout which is 20 minutes. If you just want to keep session alive, you can set this time for 19 minutes (19 * 60 * 1000 = 1140000).
But, with smaller intervals you could know almost instantly when visitor is closed a browser. If scalability is a problem, you can delete session variables almost immediately after user closed web browser. There is no need to wait 20 minutes for session to expire. You can even decrease session timeout to low value, like 2 minutes. JavaScript from previous example will make requests every minute, and keep sessions alive for active users (users that have opened web browser), but sessions where browser is closed will expire.
Since RefreshSessionState.aspx page is called every minute, you can use ASP.NET server side code for tasks like visitor tracking, how many visitors are currently online, which page each visitor is currently browsing etc.
This option will work fine, although it has its own small drawbacks. Some users could have JavaScript disabled or have a browser that doesn't support JavaScript (like some mobile web browsers). If JavaScript is not enabled, this code would not work and session will expire. Also, rarely but theoretically possible, especially on mobile browsers is, if user's Internet connection is temporally broken JavaScript will miss few requests while user is reconnecting.
This example manipulates image's src element to make request to web server. There is a second option to make web requests in JavaScript using Http Request, but this option requires browser specific code because Internet Explorer and Firefox use different objects. IE uses ActiveX object Msxml2.XMLHTTP or Microsoft.XMLHTTP, while Firefox uses XMLHttpRequest. So, final browser compatible code becomes large. In the other hand, using image's src property to make request requires
As very similar alternative we can use jQuery for same task. In this example, I will use jQuery post function to make a request to web server. Pages requested with POST are not cached, so we don't need unique URL like in previous JavaScript example.
Code for keeping ASP.NET session alive using jQuery is very short:
Keep ASP.NET session alive using Meta Refresh
One more way to keep ASP.NET session alive is by using Meta Refresh and postback. Of course, we can't refresh complete page because that will annoy visitor, especially if he or she is completing a large form. Instead of that, place small IFRAME tag somewhere on page, and set its src parameter to helper .aspx page. Let's call that page RefreshSessionState.aspx.
HTML code on main page will be:
Code for RefreshSessionState.aspx doesn't require complicated server side code except you want some visitor tracking. Just add meta refresh tag in head section. There are few different methods, I used Response.Write:
<%@ Page Language="C#" %>
<%
Response.Write(@" Server.UrlEncode(DateTime.Now.ToString()) + @""" />");
%>
I added additional query string "x", to avoid using of cache in some browsers. Query string value will be current time, so URL will always be unique to provide complete postback.
Now, first value in content parameter represents after how much seconds will page refresh. In this example, page will refresh after 900 seconds (15 minutes). It could be any value less than session timeout. Since default session timeout is 20 minutes, this IFRAME will keep session alive while user is working something else.
Keep ASP.NET session alive using ASP.NET Ajax
To keep ASP.NET session alive, one more option is to use ASP.NET Ajax. Timer control is useful in this scenario, since it can send requests in regular time intervals. To see how it works, add to web form one UpdatePanel control and one Timer control. Here is an example markup code:
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Ajax-Refresh.aspx.cs" Inherits="Ajax_Refresh" %>
Interval property of Timer1 is set to 10000, which is about 10 seconds. You can change this interval according to your needs.
On server side, we'll use Timer_Tick to keep session alive:
[ C# ]
using System;
public partial class Ajax_Refresh : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
// Set session timeout to small value, in this case
// 2 minutes, to see quickly if Timer will keep session alive
Session.Timeout = 2;
// Set some value in session
Session["Testing"] = "session is alive";
}
// Timer will make request to server in regular time intervals
protected void Timer1_Tick(object sender, EventArgs e)
{
// Write current session value into label
Label1.Text = (string)Session["Testing"];
Label1.Text += "
Last request at " + DateTime.Now.ToString();
}
}
[ VB.NET ]
Partial Class Ajax_Refresh
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
' Set session timeout to small value, in this case
' 2 minutes, to see quickly if Timer will keep session alive
Session.Timeout = 2
' Set some value in session
Session("Testing") = "session is alive"
End Sub
' Timer will make request to server in regular time intervals
Protected Sub Timer1_Tick(ByVal sender As Object, ByVal e As System.EventArgs) Handles Timer1.Tick
' Write current session value into label
Label1.Text = Session("Testing")
Label1.Text &= "
Last postback at " & DateTime.Now.ToString()
End Sub
End Class
Comparation of JavaScript, jQuery, Meta Refresh and ASP.NET Ajax methods
Notice that any of suggested methods (JavaScript, jQuery, Meta Refresh, ASP.NET Ajax) works only if user keeps web browser opened. If browser window is closed, session will normally expire after 20 minutes. If Session timeout is increased, ASP.NET will keep all sessions including useless sessions of visitors who leaved website. If website has high traffic, keeping of thousands of sessions could easily spend server's resources.
Refresh methods like these are more scalable than increasing of session timeout. They will keep only wanted sessions, where visitor is not closed a browser and discard others. Of course, you are not obligated to keep sessions on all website pages. Keeping sessions alive could be security problem, because there is an option that user is just forgot to close browser. In this case, it is better if session normally expire than if someone else comes to computer and gets access. You can limit this approach on just few pages where visitor needs more time to complete task.
No comments:
Post a Comment