Session Management when launching "New" Window

[Kevin Frey]

We have a web application that, for the purposes of reporting, launches a
new window to display the contents of the report in (PDF format). This is
implemented using a custom IHttpHandler implementation in our project.

The report is launched by a standard hyperlink with a target="blank" to
force the new window.

The one problem I have noticed is that if the user leaves the "launcher"
page open a long time, the web server will invariably time out, which leaves
the question of what the IHttpHandler should do.

Obviously it cannot simply redirect to a "login" page since this is a
"child" window.

Ideally what should happen is a separate window should not launch at all,
and the main launcher window would return to the login page.

I'm not sure how I would make that happen. Something after the session check
must then cause a window to popup with the content programmatically.

What is the best way to do this and am I going to run into problems with the
popup blockers of various programs?

Thanks

Kevin

 

[Tim Payne]

Are you using forms based authentiaction, or a custom session based one that
you've coded yourself? You could maybe have the code that checks the session
redirect to a different page rather than the login. You could then redirect
to a page with some javascript that checks if it's a child window and take
action accordingly, something like this:

<script language="javascript" type="text/javascript">
<!--
if (window.opener)
{
//window is a child window, close this window
window.close();
}
else
{
//not a child window, implement your logic for redirecting to
the login page here
}
//-->
</script>

The only thing is, I'm not sure if the window.opener is kept accross page
requests, you'd have to try it and see, but something like that might be
worth looking at?

Tim.

 

[Kevin Frey]

I'm not sure I fully understand the terminology of "forms based
authentication" or a custom one we've written ourselves. So to explain, our
user starts at a login page which accepts their credentials and then our
ASP.NET page [currently] creates a session object against our application
server, which is stored in session state (later this shall become more
light-weight and the application server sessions shall be created on the
fly).

Your suggestion is largely what I was thinking (I think) and part of my
question was querying whether the various browsers are going to complain
about window.close( ) being executed in javascript.

Thanks

Kevin