Last post Jan 09, 2013 12:35 AM by JramirezDev
Jan 08, 2013 11:26 AM
I'm developing an ASP.NET 4.5 Web Forms application with SQL Server Compact 4.0. For membership I am using the Microsoft ASP.NET Universal Providers for SQL Compact, which means I use forms authentication and role authorization.
My Web.config settings for authentication and session:
<forms loginUrl="~/Default.aspx" timeout="2880" />
<sessionState mode="InProc" customProvider="DefaultSessionProvider" >
type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=188.8.131.52, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
Everything looks fine about login and folder security per role, but the problem is that the "session" (I think so) timeout is variable. The session is finished in times between 1 minute minimum and 5 minutes maximum, and then I am redirected to the login
I will appreciate your help
Jan 08, 2013 11:36 AM
You would actually want to change the session in IIS instead of in the app. I've seen it before where IIS can override what the app settings state for session.
Jan 08, 2013 12:00 PM
Could you explain to me the steps to change it in IIS?
Jan 08, 2013 12:09 PM
Sure, here is a how-to from MSDN:
Jan 08, 2013 06:54 PM
In my shared hosting I've got WinServer 2012 and IIS8.
I did not find in IIS8 the settings from the article you gave me, but I found something in: Site -> Features view -> ASP.NET -> Session State
Is this OK? The time configured there is 30 minutes, but it is not working. What time should I put there?
Jan 08, 2013 09:32 PM
In my shared hosting
In a shared hosted environment, a very common problem is that the Application Pool recycles frequently. When you're using Session State In Process, that means that all sessions are lost when the Application Pool recycles. To overcome this, you should use another Session State Mode.
But this doesn't solve the problem that users are logged out, because forms authentication has nothing to do with session. When a user logs in, an authentication ticket is created. This ticket is encrypted with the Machine Key specified in Web.Config. When you didn't specify one, ASP.NET will create one for you. But when the application pool recycles, ASP.NET will create a new one. The authentication cookie encrypted with the previous key can't be decrypted with the new key, so the user will be redirected to the login page. To solve this, you need to add a machine key section in Web.Config, so the same key is used on each and every request.
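Added example (not part of the original thread and not any poster's code): a simplified Python model of the behaviour described in the post above, where a ticket issued under an auto-generated key stops validating after a recycle, while one issued under a configured key keeps working. Real forms-authentication tickets are also encrypted; this model only signs them, and the class and function names are hypothetical. The last function builds a `<machineKey>` element with fresh random keys.

```python
import hashlib
import hmac
import secrets


class AppPool:
    """Toy worker process: signs and checks login tickets with one key."""

    def __init__(self, configured_key=None):
        # configured_key models an explicit <machineKey>; None models auto-generation.
        self.configured_key = configured_key
        self.key = configured_key or secrets.token_bytes(64)

    def recycle(self):
        # As the post describes: without a configured key, a recycle yields a new key.
        if self.configured_key is None:
            self.key = secrets.token_bytes(64)

    def issue_ticket(self, username):
        mac = hmac.new(self.key, username.encode(), hashlib.sha256).hexdigest()
        return f"{username}|{mac}"

    def validate_ticket(self, ticket):
        username, _, mac = ticket.rpartition("|")
        expected = hmac.new(self.key, username.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison; a mismatch is the "redirect to login" case.
        return username if hmac.compare_digest(mac, expected) else None


def survives_recycle(configured_key):
    """Issue a ticket, recycle the pool, and report whether the ticket still validates."""
    pool = AppPool(configured_key)
    ticket = pool.issue_ticket("alice")  # constructed sample user
    pool.recycle()
    return pool.validate_ticket(ticket) == "alice"


def machine_key_element():
    """Build a <machineKey> element with fresh random hex keys from a CSPRNG."""
    validation_key = secrets.token_hex(64).upper()  # 64 bytes for HMACSHA256
    decryption_key = secrets.token_hex(32).upper()  # 32 bytes for AES
    return (f'<machineKey validation="HMACSHA256" validationKey="{validation_key}" '
            f'decryption="AES" decryptionKey="{decryption_key}" />')


if __name__ == "__main__":
    print("auto-generated key survives recycle:", survives_recycle(None))
    print("configured key survives recycle:   ", survives_recycle(secrets.token_bytes(64)))
    print(machine_key_element())
```

The generated element belongs inside `<system.web>`; treat its values as secrets, since anyone holding them can forge authentication tickets for the site.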
Jan 08, 2013 09:39 PM
The machine key is not the problem, I have defined one in my web.config. I will try to change the session state to be stored in my SQL Compact database, I think this could do the work...
Jan 08, 2013 09:46 PM
I will try to change the session state to be stored in my SQL Compact database, I think this could do the work...
No, because as I already said, Session has nothing to do with Forms Authentication!
Jan 08, 2013 09:54 PM
OK, understood. What do you think I should do?
Jan 08, 2013 10:04 PM
Can you show us your web.config file? Make sure to hide sensitive information....