HI,

I would like to know the best used way to handle session timed out.

Thanks for the help.

Hi,

Please have a lok at this thread..

http://forums.asp.net/t/1376905.aspx

Thanks

Hi,

There are two things which affect on session:

1. <sessionState mode ="InProc" timeout="540"/> -- life of objects stored in session store. --default is 20 mins.

2.

<authentication mode="Forms"> <forms timeout="540" slidingExpiration="true" loginUrl="~/Login.aspx" />

</authentication>

ASP.NET Login Session expiry depends on #2

So if your forms session  timeout you set to 2 mins. and sessionState timeout is 10 MINS. then following things will happen:

1. You are not authenticated user after 2 minutes.

2. All your data stored in session will is still alive -- because it is 10 MINS.

Have a look at it:

http://www.rezashirazi.com/post/2008/11/Increase-session-timeout-of-aspnet-login-control.aspx

Here are different places from where you can set timeouts:-


1- Web COnfig
--------------------
      <forms loginUrl="sampleloginpage.aspx"
                name="samplecookie"
                timeout="45"
                path="/"
                requireSSL="true"
                protection="All">
      </forms>

    <sessionState
            mode="InProc"
            stateConnectionString="tcpip=127.0.0.1:42424"           
            cookieless="false"
            timeout="45"
    />

2-Global.asax Session_Start Event
---------------------------------
or you can also set this in global.asax file as

Session.Timeout = 60 ; // in Session.Start() event

3-sessionState
---------------

to set session timeout to 45 minutes write this in the web.config file :

<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20"/>

 The maximum limit for session timeout is 525,600 minutes(1 year)  -   (365 days x 24 hours x 60 min)

 Hi hulkwsu,

Lots of things could happen which can recycle the aspnet worker process thus to expire the session.

1- Modify the web.config file or replace files in the bin folder at runtime
2- Delete folders from inside the application root folder at runtime.
3- Virus scan on the server.
4- Memory leaks

There are 3 modes of sessionstate. First need to decide with which mode you want to proceed.

[1]In Process:<sessionState mode="InProc" cookieless="false" timeout="20" />
[2]StateServer (outProcess):
<sessionState mode="StateServer" stateConnectionString="tcpip=myserver:42424" cookieless="false" timeout="20" />
 
[3]SQLServer (database based):
 <sessionState mode="SqlServer" sqlConnectionString="data source=127.0.0.1;user id=sa; password="  cookieless="false" timeout="20" />

If you want to enhance the length of the timeout, you can set the timeout property.

Or configure the IIS.

For more information which is related to Session, please check the following links:

ASP.NET Session State
http://msdn.microsoft.com/en-us/library/ms972429.aspx
Session FAQ
http://www.syncfusion.com/faq/aspnet/web_c9c.aspx
Underpinnings of the Session State Implementation in ASP.NET
http://msdn.microsoft.com/en-us/library/aa479041.aspx

ASP.NET Session State
http://forums.asp.net/p/1434220/3238407.aspx#3238407

increase session timeout
http://forums.asp.net/t/1283350.aspx
http://forums.asp.net/p/1430522/3209701.aspx#3209701

If you have any questions, please feel free to let me know.

The best way to handle this is to always check that a session variable exists before using it.  Something like:

if(Session["YourValue"] != null)
{
        string val = Session["YourValue"].ToString();
}
else
{
        Session["YourValue"] = "Some value";
}