Preserving state after HTTP session time out

Question

In my asp.net application, the HTTP session times out after 30 mins on which the user is redirected to a login page. Here is a scenario:

1. User clicks on an item to edit, with the URL like so:

   http://localhost/app/edit?id=1

2. User makes certain changes on a page to edit item with id=1 but does not "save" them for 30 minutes.

3. On the 31st minute he clicks on save and he's redirected to the login page where I have a return URL to redirect to, if he enters the correct credentials.

What is correct way of preserving the state in which the user left the page? All I have is the return URL which coming in with the login request which looks like: http://localhost/app/edit.

Clicking on save does a POST request but does not pass anything in the query string.

I want to be able to redirect to http://localhost/app/edit?id=1

Answer 1

Unless you have specifically built a mechanism to preserve state outside the ASP.NET session-based state mechanism, session is lost when it times out. You could, theoretically, construct a state system that stores intermediate drafts of data from selected pages/inputs on a per-userID basis, where pages containing data likely to be "orphaned" in this way could be somewhat retrieved, but that would also require periodic background saves of data back to the database on those pages deemed important enough to preserve changes otherwise lost due to timeout.

Answer 2

When the POST happens, you have the original URL, and the request object with all of the form values.

The request will be intercepted, and redirected to the login screen. At that point, you need to save the original URL and request values, handle the login, and then redirect to the original URL with the original values.

What does your POST request look like? Is there an object you could stuff into temporary storage (session, etc) or do you process the form collection?