Click here to Skip to main content
15,944,733 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:

i m developing web app which i m using web.config file for maintaining session.

after successfully login when ever i click to new form, sometime it runs fine,sometime it automatically logout.

can anyone tell me what is the problem.
my web.config file code is as shown below.
		<!--<add name="ConnStr" connectionstring=";Database=abc;UID=abc;Password=abc;MultipleActiveResultSets=True" />-->
		<!--<add name="ConnStr" connectionstring="Data Source=PC-1\SQLEXPRESS;Database=abc;Integrated Security=True;MultipleActiveResultSets=True " />
		<httpruntime executiontimeout="90" maxrequestlength="4096" usefullyqualifiedredirecturl="false" minfreethreads="8" minlocalrequestfreethreads="4" apprequestqueuelimit="100" enableversionheader="true" />
          Set compilation debug="true" to enable ASPX debugging.  Otherwise, setting this value to
          false will improve runtime performance of this application. 
          Set compilation debug="true" to insert debugging symbols (.pdb information)
          into the compiled page. Because this creates a larger file that executes
          more slowly, you should set this value to true only when debugging and to
          false at all other times. For more information, refer to the documentation about
          debugging ASP.NET files.
		<compilation defaultlanguage="c#" debug="true">
				<add assembly="System.Windows.Forms, Version=, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
          Set customErrors mode="Off" or "RemoteOnly" to enable custom error messages, "Off" to disable. 
          Add <error> tags for each of the errors you want to handle.

          "On" Always display custom (friendly) messages.
          "Off" Always display detailed ASP.NET error information.
          "RemoteOnly" Display custom (friendly) messages only to users not running 
           on the local Web server. This setting is recommended for security purposes, so 
           that you do not display application detail information to remote clients.
		<customerrors mode="Off" />
          This section sets the authentication policies of the application. Possible modes are "Windows", 
          "Forms", "Passport" and "None"

          "None" No authentication is performed. 
          "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to 
           its settings for the application. Anonymous access must be disabled in IIS. 
          "Forms" You provide a custom form (Web page) for users to enter their credentials, and then 
           you authenticate them in your application. A user credential token is stored in a cookie.
          "Passport" Authentication is performed via a centralized authentication service provided
           by Microsoft that offers a single logon and core profile services for member sites.
		<!--<authentication mode="Windows" />-->
          This section sets the authorization policies of the application. You can allow or deny access
          to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous 
          (unauthenticated) users.
			<allow users="*" />
			<!-- Allow all users -->
			<!--  <allow users="[comma separated list of users]">
                             roles="[comma separated list of roles]"/>
                  <deny users="[comma separated list of users]">
                             roles="[comma separated list of roles]"/>
          Application-level tracing enables trace log output for every page within an application. 
          Set trace enabled="true" to enable application trace logging.  If pageOutput="true", the
          trace information will be displayed at the bottom of each page.  Otherwise, you can view the 
          application trace log by browsing the "trace.axd" page from your web application
		<trace enabled="false" requestlimit="10" pageoutput="false" tracemode="SortByTime" localonly="true" />
          By default ASP.NET uses cookies to identify which requests belong to a particular session. 
          If cookies are not available, a session can be tracked by adding a session identifier to the URL. 
          To disable cookies, set sessionState cookieless="true".
		<sessionstate mode="InProc" stateconnectionstring="tcpip=" sqlconnectionstring="data source=;Trusted_Connection=yes" cookieless="false" timeout="2000" />
          This section sets the globalization settings of the application. 
		<globalization requestencoding="utf-8" responseencoding="utf-8" />
Updated 25-Mar-11 21:50pm
Sandeep Mewara 26-Mar-11 6:16am    
Have you hosted this in IIS? Or the timeout happening in VS webserver?
jeet786 26-Mar-11 8:31am    
i have hosted on IIS server
Sandeep Mewara 26-Mar-11 8:44am    
Did you see what is the session timeout on IIS configured?
jeet786 28-Mar-11 5:42am    
no,pls tell me how can i check it.

thanks in advance
Sandeep Mewara 28-Mar-11 5:45am    
Did you see my answer?

1 solution

<sessionstate mode="InProc" stateconnectionstring="tcpip=" sqlconnectionstring="data source=;Trusted_Connection=yes" cookieless="false" timeout="2000" />

This does not look ok.

If you want to use InProc then do:
<sessionstate mode="InProc" timeout="20" />

This would keep the session active for 20 minutes.

If you want to use OutProc then, first choose - State Server or SQL Server. Based on that keep that part in session tag of config. Example, for session state:
<sessionstate mode="InProc" stateconnectionstring="tcpip=" timeout="20" />

P.S.: Using 2000 as a timeout value is not suggestible.
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900