Click here to Skip to main content
15,746,302 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
In session timeout is based on sliding expiration
It means if I set sessionTimout to 5 minutes and user access session
after 3 minutes session will receed again to 5 minutes. Each time session
is acccessed it ressets time.

How to avoid above situtation and kill session straight in 5 mins irrespective
of how many times it is accessed in between.

What I have tried:

I tried to set timer after login in login page and OnTimeElaspsed
event I tried to kill session but session is not availble in that event
as page life cycle gets over by that time.

System.Timers.Timer aTimer = new System.Timers.Timer(10000) { AutoReset = false };
aTimer.Elapsed += new ElapsedEventHandler(OnTimedEvent);
aTimer.Enabled = true;

private static void OnTimedEvent(object source, ElapsedEventArgs e)
Updated 9-Mar-17 22:47pm

Add these events to your global.asax file

void Session_Start(object sender, EventArgs e)
    Session["SessionExpiry"] = DateTime.Now.AddMinutes(5);

void Application_AcquireRequestState(object sender, EventArgs e)
        DateTime expiry = (DateTime)base.Context.Session["SessionExpiry"];

        if (expiry <= DateTime.Now)

            // the abandoned session won't kick in until the next page request.
            // here I am redirecting back to the current page, but you may want to do something else
            // like redirect to a "Session Expired" page.
Share this answer
Google Search has many great answers for you: setting session timeout - Google Search[^]

Like this one: Session timeout in ASP.NET - Stack Overflow[^]

[edit] So you want the user to sign in and only have a fixed period of time before the session is closed. Not time out due to inactivity after a period of time (what you call sliding window).

Timer is not the solution.

What if you had a successful website with thousands of active users? (eg: CodeProject has over 30,000 active users at the time I am writing this). The first thing that comes to mind is that you will run out of memory very quickly.

I would set a timeout on a cached Session value. Session states scale dependent on the strategy that you use, so you can avoid memory exceptions.

Then you can:
1. on postback check for the existence of the value;
2. periodically from the page, do an Ajax check for the value.

If the value is gone, then the session has expired. Now you can let the user know their session is over.

Hope this helps...
Share this answer
TinTinTiTin 10-Mar-17 3:12am    
Hi Graeme_Grant, You didn't got my question. I don't wan't sliding session timeout.
Link provided just show to to set timeout(default sliding).
Graeme_Grant 10-Mar-17 3:31am    
Please check that the revised answer is what you are looking for. If not, please click on Improve question to add more info to the question.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900