How to set a session timeout on the web.config

Asked

Viewed 900 times

1

People I need a timeout for my web.config that if the user is not tinkering with the system it expires, if he is tinkering with the system does not expire time. It’s possible to have something like this ?

<configuration>
  <system.web>
    <sessionState timeout="20"></sessionState>
  </system.web>
</configuration>
  • 1

    The configuration is correct.

  • Yes expires even if the user is working on the system

  • 1

    Moving how? Session time is only renewed when the user makes a POST or GET or PUT, etc, to the server. If he is just working on the client part, the session might fall yes.

  • Ha yes I understood, it is because this system was not I who made, I am giving maintenance, more all well! , thanks a lot for the help @Marcellalves

1 answer

1


You are confusing expiration of session data with login session, and they’re not the same.

The performative way to do this is by defining an attribute that checks whether the SessionStore whether or not it exists. If it does not exist, the login session expires:

public class VerificarSessaoExpiradaAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpContext contexto = HttpContext.Current;

        // Verifica se existe um objeto definido na Session
        var objeto = new DadosUsuario();
        objeto = ((DadosUsuario)SessionStore.GetSessionValue("DadosUsuario"));
        if (objeto == null)
        {
            filterContext.Result = new RedirectResult("~/Account/Login");
            return;
        }

        base.OnActionExecuting(filterContext);
    }
}

Then you decorate with it the Actions desired, or Controllers, or you can register the attribute globally:

[VerificarSessaoExpirada]
public ActionResult Index()
{
     return Index();
}
  • 1

    Thank you @Ciganimorrisonmendez

Browser other questions tagged

You are not signed in. Login or sign up in order to post.