Session Timeout isn't working correctly.

  • Thread starter Thread starter Mufasa
  • Start date Start date
M

Mufasa

Folks,
I'm having problems with my session timeout. People using my website leave
it just sitting there while they do other things. They have logged in (
using Forms Authentication ) and will be doing other things will a page of
mine is up on the screen. But the session times out so that when I try and
use a session variable, it crashes saying Object reference not set to an
instance of an object.

So I put
<sessionState timeout="4800" />

in my web.config (I know it's ridicously long....)

I went in to IIS and changed the Session timeout to 720.

I stopped IIS and restarted it.

I verified the setting in Session Timeout.

I put on my page a print of the session timeout and it shows 4800.

But people are still getting the error after 30 minutes.

What am I missing? Do I want to disable Session State?

TIA - Jeff.
 
Option 1: Set up a redirect on the page a minute or two less than session
timeout. Redirect to logout.aspx and abandon the session there. Then, a user
that walks away is logged out and cannot get the ASPX error. On the logout
page have the message: "you have been logged out due to a timeout in your
session, click here to log in again". Or you can duplicate the login box on
that screen. Your choice.

If you choose this option, you should also disable the back button. The
easiest way is to set up JavaScript that pushes the person forward one page
in history, so they are always on the page ahead of the page they are on.

<script language="javascript">
window.history.forward(1);
</script>

Option 2: Set up a friendly error page that says something like:

There was an error in the application. One of the most common reasons is you
were an idiot and walked away while you were filling out a form. If this is
you, click here to log in again.

Yes, the message was a joke, but you should get the idea. :-)

I would try option 1 first. It is friendlier and th

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss

or just read it:
http://gregorybeamer.spaces.live.com/

********************************************
| Think outside the box! |
********************************************
 
Your missing the point. I want to make the session last longer.

I already have it where if the session times out it goes to the login page.
I want the session to last longer.

J.
 
asp.net has an idle timeout. if the site is not used in the timeout (usually
20 minutes) then it cycles down losing session. you can increase the idle
timeout with iis under app pool settings.

you should also handle a lost session with code, as there can be many causes
of a recycle.


-- bruce (sqlwork.com)
 
re:
!> I want to make the session last longer.

Write a meta tag which refreshes the page 5 minutes before your session timeout.

If you are timing out your sessions at 20 minutes, use this meta tag :

<meta http-equiv="refresh" content="900">

That tag will auto-refresh the page every 15 minutes,
extending your session and keeping your session variables intact.

content="xxx" is a property measured in seconds.
Set the number of seconds to refresh your pages to whatever you feel is convenient.

The only quid pro quo is that it should be a lesser number
of seconds than what your session timeout is configured for.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
 
So what everybody is telling me is there is no way to permanently change the
session timeout.

Even though it looks like it's setable it doesn't actually work.....
 
re:
!> there is no way to permanently change the session timeout

Of course there is, but that isn't what you asked, is it ?

I think that what you want to do is extend the
*Forms Authentication* timeout, and not the Session timeout.

When you use Forms Authentication, the ASP.NET session timeout doesn't much matter.
"Forms Authentication" timeout and "Session" timeout are two different animals.

Change the Forms Authentication timeout in web.config :

<authentication mode="Forms">
<forms name=".NAME" loginUrl="Login.aspx" protection="All" timeout="20" path="/" slidingExpiration="true">
</forms>
</authentication>

Set the "timeout" property to whatever length of time you need.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
 
Back
Top