First you create a webform called SessionRefresh.aspx with the code behind SessionRefresh.aspx.cs. In the code behind you insert the following content:
private void Page_Load(
object sender, System.EventArgs e)
{
Response.AddHeader(
"Refresh", Convert.ToString((Session.Timeout*60)-10));
}
This piece of code will add a Re
fresh HTTP Header Attribute to the WebForm with a value of your session timeout minus ten seconds. This means that ten seconds before the user's session is going to timeout, as long as they have a browser open, and they are on your page, the page will post back to keep the session alive.
Then, to make this postback invisible, you will now insert an IFRAME - do this into a user control that is site persistent, such as the header or footer user control (if you use user controls for header or footer. I use a user control for my menu, and inserted the IFRAM in the menu user control). Now, insert the following code into the user control:
<iframe id="SessionRefresh" src="/SessionRefresh.aspx" frameborder="0" width="0" height="0" runat="server" />
Now this invisible SessionRefresh WebForm will just sit in the IFrame and post itself back to the server 10 seconds before the session times out, only if they are still on your site or a browser is open. Check out a View Source, you won't even see the Refresh attribute because it's hanging out in the invisible IFrame.
Thomas Kurek has an excellent explanation of this on this CodeProject page: http://www.codeproject.com/KB/session/Session_Defibrillator.aspx.
Happy refreshing :)
André