Redirecting the User when the Session Expires

By Rich W.

I am building an intranet site that has different levels of security, and a current problem with the legacy software is that people spend time finding out information that they aren't supposed to have access to. The login security can be a problem if the session timeout is too long, but even then users can come by and see someone's computer screen if they don't close the browser window. I found a fix that automatically asks the users for the login and password if they just leave the browser open. In my include file that contains my login check, (this appears at the top of every asp page that requires the login security.) I added one line. Here is the file contents:

Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60) Response.AddHeader "cache-control", "private" Response.AddHeader "Pragma","No-Cache" Response.Buffer = TRUE Response.Expires = 0 Response.ExpiresAbsolute = 0 If (Session("Authenticated") <> Session.SessionID) Then Session("RequestedURL") = "http://" & _ Request.ServerVariables("SERVER_NAME") & _ Request.ServerVariables("SCRIPT_NAME") Temp = Request.ServerVariables("QUERY_STRING") If (Not(ISNull(Temp)) AND Temp <> "") Then Session("RequestedURL") = Session("RequestedURL") & _ "?" & Temp End If Response.Redirect("/login.asp") End If

Line 1 addes a refresh tag that refreshes the page exactly 1 minute after the session timed out. This will cause the login page to appear and then redirect the user back to the page they were viewing.

Hope this helps someone,

Happy Programming!