Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: ASP.NET
I've spent a lot more time researching this issue that I have with my ASP.NET "session" timing out. The reason I'm using "session" in double quotes is that I'm not sure if the issue is related to my Session timing out or my Forms Authentication.
 
The problem that I have is that I've set both the forms authentication cookie and the session state to timeout after one day (1,440 minutes), but it seems to be timing out after 20 minutes, which I understand to be the default.
 
In the web.config, I have
<sessionstate mode="InProc" cookieless="false" timeout="1440" />
 
and
<authentication mode="Forms">
    <forms loginUrl="~/Account/Login.aspx" timeout="1440" protection="All" defaultUrl="Default.aspx"/>
</authentication>
 
In the code behind of my login page, this is how I set my authentication cookie:

FormsAuthentication.SetAuthCookie("someValue", true);

 
For testing purposes, I want my session to stay active for one day. When I inspect the authentication cookie on the client, the cookie information shows an expiration date that is exactly a day out from right now. I suspect that the Session is causing the issue, but why is my timeout value in the web.config being ignored?
Posted 28-Feb-11 10:35am

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

The following links may help you out:
Role-based Security with Forms Authentication[^]
http://forums.asp.net/t/1143744.aspx/1?Managing+Session+TimeOut+using+Web+Config[^]
http://www.asp.net/security/tutorials/an-overview-of-forms-authentication-vb[^]
 
If i misunderstand your question, please feel free to correct me.I hope the above information will be helpful. If you have more concerns, please let me know.
 
If this would be really helpful to you then don't forgot to Vote and Make Answer as Accepted.
  Permalink  
v2
Comments
jasonHall at 28-Feb-11 17:16pm
   
As kkmummadi wrote in the thread from the 2nd link that Habib shared, you must also verify that IIS is configured correctly.
 
kkmummadi wrote:
If you are using ASP.NET 2.0, use have to check in the IIS.
Open the IIS, click on the Application Pools, Select the Application pool for your application.
Right Click on that, Select Properties.
In the Performance tab, Set the idle timeout as your desired minutes for "shutdown worker processes after being idle for ..... minutes".
Apart from this you have to set the timeout in web.config as said by the other friends
 
If you're using ASP.NET 4.0 and deploying to a machine using IIS7, go to the Application Pools, right-click your app pool and go to Advanced Settings, under Process Module set the Idle Timeout (minutes) to the modified value (20 minutes by default).
 
I also noticed that if you click on your website in IIS7, double-click on the Session State button, scroll down to cookies settings, you'll find a Time-out (in minutes): textbox with a value that is also defaulted to 20 minutes. I changed the Application Pools setting on my webserver and got the desired result. Thanks, Habib!
Monjurul Habib at 1-Mar-11 2:09am
   
thank you too JasonH.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Maciej Los 424
1 ridoy 400
2 DamithSL 230
3 OriginalGriff 179
4 Suvendu Shekhar Giri 150
0 OriginalGriff 8,033
1 DamithSL 6,179
2 Sergey Alexandrovich Kryukov 5,538
3 Maciej Los 5,508
4 Kornfeld Eliyahu Peter 4,539


Advertise | Privacy | Mobile
Web02 | 2.8.141223.1 | Last Updated 28 Feb 2011
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100