I have a forms authentication website that has a page where users spend a
lot
of time on. So somebody spends an hour on the page and then presses submit
and gets redirected to the logon page. Followed by a redirect back to where
they were minus all the data they typed in.

Is their a way to handle time outs without loosing data on the redirect.
Maybe popup a logon page versus a redirect or something.

I already have a httpmodule looking at the authenticate and endrequest
events.  To fix problems associated with the basic forms authentication
design.  So I don't mind coding low level stuff.

I can not violate security associated with ticket time outs by disabling the
timeout or doing javascript postbacks.

Hi,

There's no good way to know this. In your another post I think Alexey
Smirnov's suggestion a good way to solve this issue if you want enable the
timeout. You can store data in cookie (client side) or database (server) or
other places where the client can access later.

If you need a simple workaround, I think you can use JavaScript to popup a
new window to temporarily save data. If the timeout is 10 minutes you can
pop up a window after 9 minutes.

In main page, call this JS to popup window:

    <script type="text/javascript">
        function Popup()
        {

            var w = window.open("NewWindow.aspx?data=" +
document.getElementById("testinput").value);
        }

    </script>     

<input id="testinput"></div>

Use settimeout if needed:

http://www.w3schools.com/htmldom/met_win_settimeout.asp

In the popup window, call this JS to fill data back:

   <script type="text/javascript">
        function FillData() {

            window.opener.document.getElementById("testinput").value =
GetQueryString("data");
        }
        function GetQueryString(ji) {
            hu = window.location.search.substring(1);
            gy = hu.split("&");
            for (i = 0; i < gy.length; i++) {
                ft = gy[i].split("=");
                if (ft[0] == ji) {
                    return ft[1];
                }
            }
        }

    </script>
    <input onclick="FillData();" value="Fill Data" />

Please let me know if it can resolve this issue and feel free to ask if you
have additional questions.

Regards,
Allen Chen
Microsoft Online Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msd***@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

I can't use the suggestions that violated security principles like having
cookies/tokens which are set to expire for security reasons, not expire by
having javascript refreshes.

Are their any other complicated solutions which would involve examining the
http pipeline events.

Hello Chuck,

You could store the whole request in memory or database, before the runtime
decides that the login sessionhas timed out (so pretty early in the request
lifecycle). Then redirect to the original page, substitute the request data
from memory and let the page do its usual thing

As you say, it migth require some very low level hacking, but should work.

Other solutions might include (in random order):
- split up the page in multiple steps, storing the results in between.
- post back on a timer, storing results as the user types, you could detect
that the postback hasn't changed between previous postbacks and still logout
the user
- use ASP.NET Ajax to send the changes to the server in the background
- use a client side object and use the local Isolated Storage facility
- use Silverlight and store the data in the local data store
- set the timeouts on session and login very high and keep a last action
timer in the session. handle the page as usual, but the log out the user
if x amount of time has expired (this can be handled from the global.asax)
- use a javascript timeout on the page to warn the user that the session
will terminate in x minutes and let him push an intermediate save button
- educate the users on how 'the web usually works'
- ...
- ...

Hi,

Have you tried my suggestion that uses JavaScript to popup a window to
store data before timeout? I believe it'll not violate anything. It's just
a helper window for user to fill back data later if needed. After seeing
the same page user can click the button on the popup window to fill data
back to the form.

the http pipeline events.

As far as I know it's difficult to know whether the redirect is from the
authentication module so this approach cannot work.

Jesse has provided almost all the possible solutions to this issue. If you
don't want to store data at server side you can use Silverlight to store
data to isolated storage:

http://msdn.microsoft.com/en-us/library/bdts8hk0(vs.95).aspx

And you need to interact with your page (data retrieved from isolated
storage to Silverlight app and then to HTML DOM elements):

http://msdn.microsoft.com/en-us/library/cc645076(VS.95).aspx

With the help of Silverlight you can easily implement auto save function.

Please let me know if it can meet your requirement and feel free to ask if
you have additional questions.

Regards,
Allen Chen
Microsoft Online Support

Hi Chuck,

Have you solved this issue?

Regards,
Allen Chen
Microsoft Online Community Support

Temporary ASP.NET Files Corruption
DBF connection string
Web Site Images
asp to aspx - vb to vb.Net
display html file in ajax update panel
CodeBehind with <Save> and JS return false;
Send email with background thread?
Issues hosting WCF web service object in IIS
Bind ListView to DataTable - why is this a problem?
Convert DropDownList values to enum values