redirect user after inactivity, but keep session alive

I try to redirect my page for a logged in user with a certain amount of inactivity to a different page without killing the session.

I would like to substract the time I spent on the first page from the session, put the user on the new page, and then log the user out after his session (rest of the session time) times out and redirect the user to the login page.

I fo开发者_StackOverflow社区und this:

HttpContext.Current.Response.AppendHeader("Refresh", Convert.ToString(((HttpContext.Current.Session.Timeout * 2) - 5)) + "; Url=Dashboard.aspx");

but this interferes with my master page:

Context.Response.AppendHeader("Refresh",Convert.ToString((Session.Timeout * 60)) + "; URL=" + ResolveUrl("~/Logout.aspx")); 

If it is easier, the user session does not need to be subtracted by the time the user spent on the first page.

Is there maybe an easy javascript out there that I missed on google?

Thanks, Patrick

Ok, I did the following to solve this issue: Everytime a user hits a button, i call detime(), and also on the page_load I call detime(). Maybe not the best solution, but at least I got what I want ;)

function timer() 
{
    time1 = window.setTimeout('redirect();', 300000);
}

function redirect() 
{
   window.location = "XXX.aspx";
}

function detime() 
{
    if (time1 !=null) {
        window.clearTimeout(time1);
        time1 = null;
    }
timer()
}

Well, I suppose it depends on your server platform, but in my experience it's the server that determines session timeout. The reload that your client-side code triggers will, unless you somehow override the normal behavior of the server, refresh the session and start the timer over again.

Now, what you could do is update the page client-side and not talk to the server at all. To do that, you'd effectively load the code to the "almost timed out" page at the same time you load the original page. Then, when your timeout fires, you just show the desired page and hide whatever's there.

I would encourage you to consider the usability issues with this overall scheme.

It seems like what you want to do is pass a timestamp along with the redirect and then capture the timestamp and either use that or, if its undefined, the current time as the time the user started. Then once that time has run out send the user to an explicit log out that kills their session.

As long as you redirect to a page that explicitly kills the session, I don't think you'll have a problem with expiration. Accept in the case where the user gets redirected to the new page, and then closes the browser, which maybe you could use an onunload script to kill the session explicitly again.