Get ASP.NET Session Last Access Time (or Time-to-Timeout)

Question

I\'m trying to determine how much time is left in a given ASP.NET session until it times out.

If there is no readily available time-to-timeout value, I could also ca

Answer 1

You can get the timeout in minutes from:

Session.Timeout

Isn't this enough to provide the information, as the timeout is reset every request? Don't know how you want to display this without doing a request?

Anyhow, best way is on every request setting some Session variable with the last access time. That should provide the info on remote.

Answer 2

For multi-page solution one could save last request time in cookie, and javascript could consider this last access time for handling warning message or login out action.

Answer 3

I have just implemented a solution like the one asked about here and it seems to work. I have an MVC application and have this code in my _Layout.chtml page but it could work in an asp.net app by placing it in the master page I would think. I am using local session storage via the amplify.js plugin. I use local session storage because as Mr Grieves says there could be a situation where a user is accessing the application in a way that does not cause a page refresh or redirect but still resets the session timeout on the server.

$(document).ready(function () {

var sessionTimeout = '@(Session.Timeout)'; //from server at startup
amplify.store.sessionStorage("sessionTimeout", sessionTimeout);
amplify.store.sessionStorage("timeLeft", sessionTimeout);
setInterval(checkSession, 60000); // run checkSession this every 1 minute
    function checkSession() {
    var timeLeft = amplify.store.sessionStorage("timeLeft");
    timeLeft--; // decrement by 1 minute
    amplify.store.sessionStorage("timeLeft", timeLeft);
        if (timeLeft <= 10) {
        alert("You have  " + timeLeft + " minutes before session timeout. ");
                   }
     }
});

Then in a page where users never cause a page refresh but still hit the server thereby causing a reset of their session I put this on a button click event:

$('#MyButton').click(function (e) {

   //Some Code that causes session reset but not page refresh here
    amplify.store.sessionStorage("sessionTimeout", 60); //default session timeout
    amplify.store.sessionStorage("timeLeft", 60);


});

Using local session storage allows my _Layout.chtml code to see that the session has been reset here even though a page never got refreshed or redirected.

Answer 4

If you are at the server, processing the request, then the timeout has just been reset so the full 20 minutes (or whatever you configured) remain.

If you want a client-side warning, you will need to create some javascript code that will fire about 20 minutes from "now". See the setTimeout method.

I have used that to display a warning, 15 minutes after the page was requested. It pops up an alert like "your session will expire on {HH:mm}, please save your work". The exact time was used instead of "in 5 minutes" as you never know when the user will see that message (did he return to his computer 10 minutes after the alert fired?).