Click here to Skip to main content
14,699,491 members
Please Sign up or sign in to vote.
4.00/5 (2 votes)
See more:
I've spent a lot more time researching this issue that I have with my ASP.NET "session" timing out. The reason I'm using "session" in double quotes is that I'm not sure if the issue is related to my Session timing out or my Forms Authentication.

The problem that I have is that I've set both the forms authentication cookie and the session state to timeout after one day (1,440 minutes), but it seems to be timing out after 20 minutes, which I understand to be the default.

In the web.config, I have
<sessionstate mode="InProc" cookieless="false" timeout="1440" />

<authentication mode="Forms">
    <forms loginUrl="~/Account/Login.aspx" timeout="1440" protection="All" defaultUrl="Default.aspx"/>

In the code behind of my login page, this is how I set my authentication cookie:
<br />
FormsAuthentication.SetAuthCookie("someValue", true);<br />

For testing purposes, I want my session to stay active for one day. When I inspect the authentication cookie on the client, the cookie information shows an expiration date that is exactly a day out from right now. I suspect that the Session is causing the issue, but why is my timeout value in the web.config being ignored?

1 solution

The following links may help you out:
Role-based Security with Forms Authentication[^][^][^]

If i misunderstand your question, please feel free to correct me.I hope the above information will be helpful. If you have more concerns, please let me know.

If this would be really helpful to you then don't forgot to Vote and Make Answer as Accepted.
jasonHall 28-Feb-11 17:16pm
As kkmummadi wrote in the thread from the 2nd link that Habib shared, you must also verify that IIS is configured correctly.

kkmummadi wrote:
If you are using ASP.NET 2.0, use have to check in the IIS.
Open the IIS, click on the Application Pools, Select the Application pool for your application.
Right Click on that, Select Properties.
In the Performance tab, Set the idle timeout as your desired minutes for "shutdown worker processes after being idle for ..... minutes".
Apart from this you have to set the timeout in web.config as said by the other friends

If you're using ASP.NET 4.0 and deploying to a machine using IIS7, go to the Application Pools, right-click your app pool and go to Advanced Settings, under Process Module set the Idle Timeout (minutes) to the modified value (20 minutes by default).

I also noticed that if you click on your website in IIS7, double-click on the Session State button, scroll down to cookies settings, you'll find a Time-out (in minutes): textbox with a value that is also defaulted to 20 minutes. I changed the Application Pools setting on my webserver and got the desired result. Thanks, Habib!
Monjurul Habib 1-Mar-11 2:09am
thank you too JasonH.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900