This means: forcing a page postback or redirect from a client browser without explicit user input.
Why would you want to do that? The main reasons are:
- Auto-redirecting to a new URL after a brief time period
- Refreshing page information periodically
- Maintaining a valid session state indefinitely
- Forcing a specific process to run on the server when the client session has expired.
The following methods are the constructs we have used in our web development projects:
HTML header refresh tag
The most common and best known way - a tag of the following format is placed in the HTML section of the page:
<meta http-equiv="refresh" content="8;url=http://dotnet.org.za/">
- where '8' refers to the number of seconds that will elapse before the page is refreshed;
- 'url' is the new url redirect to. It can be excluded which means the current page will be reloaded.
This construct is useful if you have one or two pages which have to auto-refresh, and works for any HTML content type forms. The downside is the refresh interval cannot be set dynamically, and if you are testing for session timeouts on your site, you'll have to embed this construct in every page of the site.
ASP.NET provides the AppendHeader method to the Response object. Typically the page refresh can be set as follows in an ASP.NET webform (in C#):
Convert.ToString(Session.Timeout * 60 + 5));
Here the page refresh is set to 5 seconds after the client session timeout setting specified in the web.config file.
This construct is useful as it can be placed in a base webform OnLoad() or Page_Load() response method. All derived webforms will then have the same page refresh setting when they are loaded. Obviously, if the timeout value is changed in the web.config file, no modification is required in this code and everything still works fine.
Page OnLoad method script
The same thing can be done by setting a script for the client-side HTML using the HtmlGenericControl.Attributes collection:
string onload = "window.setTimeout(
Convert.ToString( (Session.Timeout * 60 + 5) * 1000) + ");";
Unfortunately, to get this to work you need to add the following attribute to the tag in the HTML:
and the following member in the webform code-behind class:
protected System.Web.UI.HtmlControls.HtmlGenericControl body;
Hmmm - so why do this, if it means that we have to fiddle with the HTML?
In our experience, certain ASP.NET controls in the webform actually kills the working of the previous two constructs - but this method always seems to work....regardless...in Internet Explorer...
In future posts, I will look more closely at managing ASP.NET session timeouts with re-logins for secured sites.