I have an application where the default page requires the user to choose the location they are logging into. I take the value (one or two letter designation) and save it to a Session variable. I then access this variable on the page load of all pages in the application and use the value to call stored procedures to display the proper data from the database. The problem is, some users are timing out and lose their session causing them to have to go back to the first page and re-choose their location. I did increase the session timeout to 60 but this may still not be long enough for some users. Is there a better way to do this without using a session variable? Any help and/or example VB code will be appreciated.
Thanks
While navigating to other page assign this value to a hidden field. Then afterwards check the value of hidden field instead of Session variable. Once you are navigating to another page transfer this value in hidden field again to Session.
Let me know if you need any further help
Any session var or app var would be subject to a session timeout. You do not want to extend the timeout too much because it has an adverse effect in resource consumption.
If your security requirements are not too stringent (risk is low), you could use a QueryString (URL) parameter instead. Validate the parameter to make sure nothing fishy comes in before you use it. You could keep the info in a user database and get the data from there when the user first logs in.
Forgot: You could also use Hidden fields (if security is not stringent) or cokkies if accepted in your client browsers.
See:http://msdn2.microsoft.com/en-us/library/z1hkazw7.aspx
I tried the suggestion and am now running into a problem. It works great if the user stays on the same page. The problem is when the user clicks on another page using the link buttons I provide. If the session expires then my variables are not set. I was hoping to set the Session Variables again when the user leaves the page but I'm not sure where to do this. Any more ideas?
What I would recommend is that you use a cookie for your application with a time-out of however many minutes you think you need. Each page would then check the cookie to get the values needed. With those wonderful people, such as myself, that don't allow most cookies, you can always make the page auto-refresh every x number of minutes. That should reset the timer on the session variable. You will have the problem of needing to make sure that data is not resubmitted. Web applications have the drawback of not automatically trusting the user the way a desktop application would.
0 comments:
Post a Comment