ASP.NET Automatic logout

Question

I am doing a group project with 4 other people. We are designing a job kiosk in ASP.NET in MVC4 with embedded c#.

I am working on having the system log the user out

Answer 1

If you don't use "Windows Authentication", this at least depends on the session timeout you can control via web.config:

<configuration>
    <system.web>
        <sessionState timeout="10" />
    </system.web>
</configuration>

As most techniques somehow rely on sessions, this will work in most scenarios.

Answer 2

If by Idle you mean absence of mouse and keyboard events from user, and i understand your requirement correctly, you should check the jquery-idleTimeout plugin.

Another good one is jQuery idleTimer Plugin

hope this helps.

Answer 3

Here is how I do it if you are using FormsAuthentication:

Controller Action:

public ActionResult CheckLogin()
{
    if (Request.Cookies["CookieName"] == null) return Json(0, JsonRequestBehavior.AllowGet);
    var cookie = Request.Cookies["CookieName"].Value;
    var ticket = FormsAuthentication.Decrypt(cookie);
    var secondsRemaining = Math.Round((ticket.Expiration - DateTime.Now).TotalSeconds, 0);
    return Json(secondsRemaining, JsonRequestBehavior.AllowGet);
}

Jquery on each page or on layout page:

<script>
    $(function () {
        setTimeout(doStuff, 1000);
    });
    function doStuff() {
        $.ajax("/CheckLogin").done(function (data) {
            if (data <= 60) {
                startLogout(data);
            } else {
                setTimeout(doStuff, 1000);
            }
        });
    }

    function startLogout(seconds) {
        var countdown = setInterval(function () {
            //Show something here
            if (count == 0) {
                clearInterval(countdown);
                //Do something here
            }
            seconds--;
        }, 1000);
    }
</script>

Answer 4

If you need to have them automatically logged out, start with Linus Caldwell's suggestion of setting the web.config session timeout. His example shows 30 minutes, so you would just change it to 10. The user won't know that they're logged out, though, until they actually try to request some server resource. To have that happen automatically, you can go a couple of ways. Both of these ways involve automatically refreshing the page after the timeout period has expired. One way is to use a javascript timer. The other is to add a refresh header to each page.

<script type="text/javascript">
var seconds = 60 * 11;// set timer for 11 minutes (1 minutes after session expires)
countdown();
function countdown(){
   seconds--;
   if (seconds <= 0){
          window.location.reload(); // force a refresh.
   }else{
          setTimeout('countdown()', 1000);
   }
}
</script>

The other way would be in your global.asax:

protected void Application_BeginRequest()
{
    Response.Headers.Add("Refresh", Convert.ToString(Session.Timeout * 11));
}

Answer 5

the answer you are looking for is the one AliK suggested. You want to set an automatic timeout in the web.config so that it will automatically logout the user and redirect them to the login page after a certain amount of idle time.

<authentication mode="Forms">
   <forms loginUrl="Login.aspx" protection="All" timeout="1" slidingExpiration="true">
   </forms>
</authentication>

If I remember right, the timeout value is in minutes, not seconds or milliseconds. Also the sliding Expiration means that the timeout will reset each time you perform an action on the website. So if you have a timeout of 5 minutes and you sit idle for 4 before clicking a button on the site then after the button click you get a new 5 minute timeout.