Hello fd's,

my requirement is that can we code in such a way that there will be no timeout unless n until we logout....

in my proj client needs that they will have ideal time but after that much time too they should not redirect to login page, they want it as unlimited session 

i have wrote in config file as

<sessionState cookieless="false" regenerateExpiredSessionId="true" timeout="129600" />

and in master page i am checking as

 if (Session["CurrentUserId"] == null)
        {
            Page.ClientScript.RegisterClientScriptBlock(this.GetType(), "scrError", "alert('You are not Authinticated. Please provide Login Credentials !');location.href='../LoginScreen.aspx'", true);
       
        }

so wht is happening here after some time it will automatically redirect to login page, and that is wht i dont want.

guys plz help me i dont want to loose the session values.. 

for this option use

Persistent cookies

Use Forms Authentication and pass the second parameter in the following line of code as true which will persist the authentication cookie at the client side.

FormsAuthentication.RedirectFromLoginPage (txtUserName.Text, true)

Upon one successful login the users will be able to come to the main page directly without loging in further.

Hope this helps. If your requirement is different pls. let me know.

 u can't set session time out to  unlimited but u can set timeout as per your requirment in web config

<system.web>

  <sessionState timeout="60"  />

or with

Dim instance As HttpSessionState
Dim value As Integer

value = instance.Timeout

instance.Timeout = value

No, You can not assign it to unlimited. 

 hi,

mohan_webdeveloper@yahoo.co.in:

there will be no timeout unless n until we logout....

based on my understanding, your requirement is that once the user signs in, as long as the user's broswer is not closed, the user doesn't need to sign in again after a specified time period(set by the timeout value). You may even want more : even the user's broswer is closed and open again, the user doesn't need to sign in.

You should understand that authentication & session are different conecpts.

authentication is a way to allow only trusted users(providing user name & pwd) to visit your site. Authentication doesn't need to depend on session to complete its work. Once a user is signed in. A cookie is issued by the web server and the cookie is sent back to the client(broswer) so that subsequent http reqeusts from this broswer can include this cookie to prove that the user has been authenticated. Once the cookie in the client side is timeout, subsequent http requests can no longer include it to prove that the user has been authenticated. Then, the web server asks the user to sign in again.

session is a way to identify your site users(authenticated users or non-authenticated users) so that you can store user specific data in your web server. The session cookis is similar to authentication cookie except that its purpose is to prove that the user has visited the site under a specific id(session id) before the current reqeust. With the session id , the web server can retrieve the session data(if there is any) specific to the user.

Based on the concepts i described above,

mohan_webdeveloper@yahoo.co.in:

<sessionState cookieless="false" regenerateExpiredSessionId="true" timeout="129600" />

this setting sets the timeout property of the session cookie,  not the authentication cookie.

here is my example for authentication.

1    public partial class Login : System.Web.UI.Page
2    {
3        protected void Page_Load(object sender, EventArgs e)
4        {
5             //this.Session is null
6        }
7        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
8        {
9            Page.Validate();
10           if (!Page.IsValid) return;
11  
12           String hash = FormsAuthentication.HashPasswordForStoringInConfigFile(this.Login1.Password, "MD5");
13           if (FormsAuthentication.Authenticate(this.Login1.UserName, hash))
14           {
15               FormsAuthentication.RedirectFromLoginPage(this.Login1.UserName, false);//to use persistent cookie, set "true".
16           }
17           else
18           {
19               Response.Write("Invalid username or password!");
20           }
21       }
22   }
23  
24   <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="Login" %>
25  
26   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
27  
28   <html xmlns="http://www.w3.org/1999/xhtml" >
29   <head runat="server">
30       <title>Untitled Page</title>
31   </head>
32   <body>
33       <form id="form1" runat="server">
34       <div>
35           <asp:Login ID="Login1" runat="server" OnAuthenticate="Login1_Authenticate">
36           </asp:Login>
37      
38       </div>
39       </form>
40   </body>
41   </html>
42  
43   <system.web>
44       <trace enabled="true" pageOutput="true"/><!--you can check that there is no the sessionid and the session state.-->
45       <sessionState mode="Off"/><!--disable session state to prove that authentication does not need session.-->
46  
47      <authentication mode="Forms">
48         <forms name="formAuth" loginUrl="Login.aspx" cookieless="UseCookies" timeout="10000">
49           <credentials passwordFormat="Clear">
50             <user name="yhq" password="08F8E0260C64418510CEFB2B06EEE5CD"/><!--plain pwd is 'bbb'-->
51           </credentials>
52         </forms>
53       </authentication>
54   </system.web>

please let me know if my pose can not solve your problem. Thank you.

session time out is maximum 1 year

Ok i have found one solution for keep Session timeout active till i close the browser..

here is the code i have written in master page

 string _currentUrl = Request.RawUrl.ToString();
        Response.AppendHeader("Refresh", "600; URL=" + _currentUrl + "");

 this will help me to keep active bcoz it will refresh the page after specified time here 10min...

so will it be fine in every context? "actually i have one form and it may take more than 10min to fill it up,wht happen it will refresh the page in between and lost my text value etc" this problem seems to be very dangerous that i am confused to keep this code as a solution....

any help regarding the same is appreciataible....

Thnx 

 Hi mohan,

This code is perfect for refreshing your page on some time basis but this will post your page back to the server and all the events of page life cycle will executed again.
In this case page will not store viewstate of any control. It will store when your page will get postback by clicking button or something. I hope you are getting me. I suggest better you extend your timeout period of session in web.config. I don't think so that there can me any page where filling data would take time more than 20-30 minutes. And if so then this much time you can set into web.config.

Cheers !!!!!