function ShowTimeoutWarning ()
window.alert( "You will be automatically logged out in five minutes unless you do something!" );
That little function does nothing more than show a popup message to the user. The text of the message (and the five minutes) duration is arbitrary; you can make them whatever you want.
setTimeout( 'ShowTimeoutWarning();', 900000 );
90,000 milliseconds is 15 minutes (15 minutes * 60 seconds per minute * 1000 milliseconds per second), so in 15 minutes the ShowTimeoutWarning() function will be called automatically. Of course, if the user unloads this Web page (by going to another Web page), the timer disappears.
That 15 minute threshold for the timer was based on five minutes less than the 20 minute session timeout in the Web application.
But what if your Web site (like my client’s Web site) had different session timeouts for different users? You can use a little in-line .Net code to dynamically calculate the timeout period. Here’s how I did it for my client — by adding the following lines within a <SCRIPT> tag:
if ( HttpContext.Current.User.IsInRole( "User" ) )
Response.Write( "setTimeout('ShowTimeoutWarning();', " +
( ( Session.Timeout - 5 ) * 60000 ).ToString() + " );" );
Notice how I calculated the timeout dynamically by using the Session object’s Timeout property. Session.Timeout is stored in minutes, so subtract your announcement time (5 minutes) from that number, then multiply by 60,000 (milliseconds per minute) to get your user-customized timeout alert.