Aug
12
2005Smarter Session Management with AJAX
12
2005
Session management is a tricky issue in web applications. If you don’t use session variables, you’re stuck with the nightmare of packaging all your data in HTML forms (tricky even if you’re using the ASP.NET ViewState object). But using session variables has its own set of headaches. Since web applications are never “shut down”, the only way you can assume users are done with their sessions is to automatically close the session after a certain length of inactivity.
Sometimes it’s in the users’ best interest to let the session time out. For high-security sites, this helps insure that if the user forgets to log out when they leave the computer, someone walking by 20 minutes later can’t get into their data.
However, sometimes you just want the session to “stay alive” for as long as the web browser window is open. Eric Pascarello has a neat technique for using AJAX to keep the user’s session alive without refreshing the window (which could erase data entered in a form). Eric’s code has the user click “OK” to renew their session before it times out. However, by removing the “confirm” function, and just calling the LoadXMLDoc function automatically (and, optionally, removing the status bar changing code), you can keep the session going for as long as the browser window is open, without the user having any idea that anything special happened.
If you’re interested in closing sessions to preserve server resources - which you should be, for a web site of any significant size, this is probably not the best idea. But, for an intranet application that will never be used by more than a handful of users simultaneously, I think it’s a very worthwhile usability win.