Click here to Skip to main content
14,695,085 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more: , +
Lets say we have SharePoint 2013 site and using windows and forms authentication.
How to make a session timeout after a time (15 minutes) in case of forms authentication only?
I set "timeout" property of the session state in web config file but nothing happen
So any recommendation?

What I have tried:

I set "timeout" property of the session state in web config file but nothing happen
for more clearence it is an ASP.NET SessionState SQL Server mode and time out timeout doesn't work
Posted
Updated 20-Mar-16 23:22pm
v2
Comments
F-ES Sitecore 19-Mar-16 10:01am
   
When you say "session" are you referring to the Session state, or how long the authentication lasts for? ie how long before they are logged out.
Mohammad A. Amer 19-Mar-16 17:01pm
   
Is there a difference between them? and any way specifically I means how long before they are logged out.

If you set the timeout property and it doesn't change the Session validity duration, then start by checking your web hosting service - many of the cheaper ones set a session duration cap (typically around 5 minutes) to reduce resource usage. When they do this, the timeout value you set is ignored.

You may be able to persuade them to extend the timeout, but if not, then you need to either change hosts, or switch to Cookies instead of Session - they are stored at the client and can be given a much longer duration.
   
Comments
Mohammad A. Amer 19-Mar-16 8:11am
   
thanks for your reply, I don't use Web Hosting Service so the client manage it by self and I use Cookies in my Code and my issue is the session still work properly and didn't time out and I want it to be timed out after a 15 minutes.
It really depends on the desired functionality you're looking for. I'm going to assume you're using FormsAuthentication.

There's two separate things you need to be concerned about: the Session and the FormsAuthentication cookie. Unless I'm mistaken, both of these have separate timeouts.

If the problem you're having is that the session is timed out but the user still is authenticated, you could try a combination of the following:

1: Making sure the authentication cookie has the same timeout value as the session:

<authentication mode="Forms"><forms ... timeout="20" ... ><authentication>
<sessionState ... timeout="20" ... />
2: In your Page_Load event, check if the session has timed out:

if (context.Session != null && Context.Session.IsNewSession == true &&
    Page.Request.Headers["Cookie"] != null &&
    Page.Request.Headers["Cookie"].IndexOf("ASP.NET_SessionId") >= 0)
{
    // session has timed out, log out the user
    if (Page.Request.IsAuthenticated)
    {
        FormsAuthentication.SignOut();
    }
    // redirect to timeout page
    Page.Response.Redirect("/Timeout.aspx");
}



My reference
asp.net - How to log out a user when a session times out or ends - Stack Overflow[^]
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900