ASP Sessions

Posted 2002-10-01
I have been using Microsoft IIS with ASP for some time now. One of the things I really like is the "Session" variable. It allows me to keep track of various session states easily.

Unfortunately session timeouts are a weak point. An ASP session will timeout when a user does not request anything from the server in a specified amount of time(default 20 minutes). Expanding the time creates additional load on the server and increases security risk. The problem is either the session times out too quickly causing the user to logon frequently or there are too many orphaned sessions active on the server creating overhead. Usually both are occurring constantly and neither is any good.

The ideal solution is to have a short interval for time outs, say 5 minutes, and have the client poll the server to keep the session active. In essence an HTTP ping.

How To Keep Alive?
Create a frames page with one hidden frame and one display frame.
For the hidden frame create a tiny ASP page that reloads itself every 270 seconds(4.5 minutes).
Put your content in the other frame.
Now in global.asa or login page make sure you change the session timeout to 5 minutes with this line of code..
        Session.TimeOut = 5

That's it, you know that session overhead on the server is reduced to those that are viewing the site. Meanwhile users that need more time have it.

This is not something that you would want to do on every site. There are situations where the arbitrary timeout is a much better solution.

Another benefit of using frames is that when the user leaves the site you can automatically abandon their session without them "logging off", but that is another issue.  

This solution could also integrate an automatic alert, email or other feature.