Session times out in less time than I set

  • Thread starter Thread starter gnewsgroup
  • Start date Start date
G

gnewsgroup

I am using forms authentication for my web application.

In web.config, I have this:

<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
timeout="120"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="Default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"/>
</authentication>

And in my Login.aspx.cs, I have this:

FormsAuthenticationTicket ticket =
new FormsAuthenticationTicket(1, username, DateTime.Now,
DateTime.Now.AddMinutes(120), false, "userdata");
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie =
new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
Response.Cookies.Add(cookie);
Response.Redirect(FormsAuthentication.GetRedirectUrl(username,
false));

I ran my web app, log in, let it idle for 1 hour 40 minutes, then I
click on something, but was logged out. It's not 2 hours yet.

What do you think is causing the problem? Thank you.
 
asp.net has an application idle (shutdownTimeout) setting defaulted to 30
minues. if noone hits the site and you use inproc sessions, then they will be
lost at the thirty minute mark.


-- bruce (sqlwork.com)
 
asp.net has an application idle (shutdownTimeout) setting defaulted to 30
minues. if noone hits the site and you use inproc sessions, then they will be
lost at the thirty minute mark.

-- bruce (sqlwork.com)
Click to expand...

Ha, very interesting. Yes, I use inproc mode. Is this 30 min default
changeable in web.config or machine.config? Also, if this documented
by MSDN? Can I get a reference to the doc? Thank you very much.
 
asp.net has an application idle (shutdownTimeout) setting defaulted to 30
minues. if noone hits the site and you use inproc sessions, then they will be
lost at the thirty minute mark.

-- bruce (sqlwork.com)
Click to expand...

I have been trying hard to find any documentation about this, but
could not find any.
I've tried InProc mode, and since the result does not seem to be
reliable, then I tried using SQLServer mode.

But, still a session can be lost shorter than the timeout I set in
web.config.

Please be advised, that when I tested it, I tried not to touch any
file in my web application.

Any idea why this happens? And is there a way to keep a session alive
for 2 to 3 hours even if no one is using the web application?

Please share your wisdom and thank you very much.
 
I have been trying hard to find any documentation about this, but
could not find any.
I've tried InProc mode, and since the result does not seem to be
reliable, then I tried using SQLServer mode.

But, still a session can be lost shorter than the timeout I set in
web.config.

Please be advised, that when I tested it, I tried not to touch any
file in my web application.

Any idea why this happens? And is there a way to keep a session alive
for 2 to 3 hours even if no one is using the web application?

Please share your wisdom and thank you very much.
Click to expand...

Anyone out there has a clue? I feel helpless with the session
timeout.

It looks like if the timeout value I set for Forms Authentication and
sessionState in web.config is smaller than 30 minutes, the system
honors the timeout setting

But if I set the value to be much bigger, then whether I use InProc or
SQLServer, my session always timeout 30 minutes or so.

Any idea how I can keep the session alive for 2 to 3 hours?

Thank you.
 
Anyone out there has a clue? I feel helpless with the session
timeout.

It looks like if the timeout value I set for Forms Authentication and
sessionState in web.config is smaller than 30 minutes, the system
honors the timeout setting

But if I set the value to be much bigger, then whether I use InProc or
SQLServer, my session always timeout 30 minutes or so.

Any idea how I can keep the session alive for 2 to 3 hours?

Thank you.
Click to expand...

Does it help to change the timeout values in processModel element?
 
Does it help to change the timeout values in processModel element?
Click to expand...

Hmm, looks like no one has a clue about this issue. I have been
testing this session timeout like crazy, and I am not getting
predictable, consistent results.

You guys never have any issue with session timeout? Our client would
like to keep a session alive for at least 2 hours, and it seems that
we cannot make this happen. It always timeout 30 minutes or so, no
matter what I try.

I've tried InProc, I've tried SqlServer state modes. I've modified
the processModel element of machine.config like so:

<processModel enable="true" idleTimeout="120" shutdownTimeout="120"
timeout="120" autoConfig="false" />

None of these helped.

I am using forms authentication, and I always set the same value for
forms authentication timeout and session timeout in web.config.

Ok, does any guru have a clue? Any hint is highly appreciated.
 
Hmm, looks like no one has a clue about this issue. I have been
testing thissessiontimeoutlike crazy, and I am not getting
predictable, consistent results.

You guys never have any issue withsessiontimeout? Our client would
like to keep asessionalive for at least 2 hours, and it seems that
we cannot make this happen. It alwaystimeout30 minutes or so, no
matter what I try.

I've tried InProc, I've tried SqlServer state modes. I've modified
the processModel element of machine.config like so:

<processModel enable="true" idleTimeout="120" shutdownTimeout="120"timeout="120" autoConfig="false" />

None of these helped.

I am using forms authentication, and I alwayssetthe same value for
forms authenticationtimeoutandsessiontimeoutin web.config.

Ok, does any guru have a clue? Any hint is highly appreciated.
Click to expand...

OK, it seems that the session timeout setting in my web.config works
fine on my development machine. But on my client's production server,
session always timeout in 20 minutes. I gave it a few tests, at 19
minutes, it is alive, but at 21 minutes, it is dead. However, I am
using the same web.config. Any idea what might be giving me this
trouble on the production server? Thank you.
 
I cannot remember at the top of my head but will try to find for you
tommorow, but I believe you can set the session time outs in IIS in the
properties of the website. I will try to look for that for you
tommorow. I am not at work is why.
 
I cannot remember at the top of my head but will try to find for you
tommorow, but I believe you can set the session time outs in IIS in the
properties of the website. I will try to look for that for you
tommorow. I am not at work is why.
Click to expand...

Thank you. I know that we can set the session timeout with the IIS
control panel. But some gurus on this board told me that that one is
only meant for classic ASP. My web application is .net 2.0.

Well, with IIS control panel, we do have the ability to set the
timeout for .net web application as well, but Juan Libre told me that
it'll be overriden by whatever value I set in web.config anyway.
 
Back
Top