How to set session timeout

[Geigho]

Setting session timeout in web.config file does not seem
to have any effect. Any explanation or suggestion will be
appreciated.

 

[Marina]

That would be the way to do it.

What makes you think that it is not working?

 

[geigho]

I am using a form based login. It does not matter what
value I set timeout to (e.g timeout="1", timeout="20",
timeout="120", etc), the application always takes me back
to the login form after approximately 20 minutes of not
posting the page back to the server.

<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user
id=sa;password=" cookieless="true" timeout="1" />

 

[Marina]

forms authentication and session state are not related.

youre forms authentication timeout specifies how long after a period of
inactivity should the user be taken back to the login page.

Session state just says how long to maintain session data for. If the
session timeout is shorter then the authentication timeout, the session data
will dissapear, but the user will still be authenticated, and thus not be
asked to relog in.

 

[geigho]

Thanks! But how do you set forms authentication timeout?
If I saved authentication flag in a session variable and
the session timed out, is the variable still available?
If not, then won't this cause the login page to be
redisplay since the authentication code (logic) cannot
read the value set in the session variable?

 

[Jeff Ptak]

You set this value in the constructor for the
FormsAuthenticationTicket as shown below. After your user
is authenticated, try something like the following:

FormsAuthenticationTicket tkt;
string CookieStr;
HttpCookie ck;

// Create new Auth Ticket. Last argument authentication
timeout expressed in seconds.

SessionTimeout = 30; //Timeout in minutes

tkt = new FormsAuthenticationTicket(txtUserName.Text,
false, SessionTimeout * 60);

// Encrypt ticket
CookieStr = FormsAuthentication.Encrypt(tkt);

// Create the cookie
ck = new HttpCookie(FormsAuthentication.FormsCookieName,
CookieStr);

//Add cookie to HTTP header
Response.Cookies.Add(ck);

// Redirect to the main page
Response.Redirect("Default.htm", true);

HTH.

J. Ptak

 

[geigho]

Thanks.

-----Original Message-----
You set this value in the constructor for the
FormsAuthenticationTicket as shown below. After your user
is authenticated, try something like the following:

FormsAuthenticationTicket tkt;
string CookieStr;
HttpCookie ck;

// Create new Auth Ticket. Last argument authentication
timeout expressed in seconds.

SessionTimeout = 30; //Timeout in minutes

tkt = new FormsAuthenticationTicket(txtUserName.Text,
false, SessionTimeout * 60);

// Encrypt ticket
CookieStr = FormsAuthentication.Encrypt(tkt);

// Create the cookie
ck = new HttpCookie(FormsAuthentication.FormsCookieName,
CookieStr);

//Add cookie to HTTP header
Response.Cookies.Add(ck);

// Redirect to the main page
Response.Redirect("Default.htm", true);

HTH.

J. Ptak

.