Home/ Questions/Q 316677
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T08:24:22+00:00

I have a hidden iframe that refreshes every now and then, in order to

  • 0

I have a hidden iframe that refreshes every now and then, in order to keep the ASP.NET session up and running, for as long as the user is online.

However, I have been getting reports of users experiencing session timeouts, so now I am in doubt of what is needed to reset the session timer.

The hidden iframe’s content page (simple html page) refreshes itself at a certain interval, which is significantly less than the session timeout.

My question is: Is it enough (for the session timer to reset) to let the page refresh itself, even when the server responds with a HTTP/1.x 304 Not Modified?

Is it simply the GET request itself that tells the webserver to reset the session timer?

Or do I need to make sure to actually fetch the page and receive a HTTP/1.x 200 OK response?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    All you have to do to keep the session alive is send a request to a page from the current session. You can do this via iframes, or via ajax.

    If you simply refresh the page in the IFrame, the response may be a cached one – thus the 304. You have to send a fresh request every time – 

    var url = "http://domain.com/defibrillator.aspx?" + (new Date()).getTime();

    E.g.

    http://domain.com/defibrillator.aspx?1556467987987
http://domain.com/defibrillator.aspx?5448796497878
http://domain.com/defibrillator.aspx?4123165487987
....

    EDIT 1

    Or you can use the Refresh HTTP header attribute.

    EDIT 1.1

    If you are using the codeproject article mentioned above, then try to model it using AJAX instead of iframes – it would save you a few bytes of extra iframe markup.

    EDIT 2 – About HTTP 304 Not Modified

    If the client has performed a
    conditional GET request and access is
    allowed, but the document has not been
    modified, the server SHOULD respond
    with this status code. The 304
    response MUST NOT contain a
    message-body, and thus is always
    terminated by the first empty line
    after the header fields.

    This means that the request hasn’t reached the ASP.NET pipeline, and has directly been served by IIS itself. ASP.NET environment doesn’t know that a request has been made. So, it won’t perform the session renewal.

    • 0