Last post Apr 06, 2011 03:06 PM by MSUTech
Jan 27, 2011 01:34 PM|MSUTech|LINK
We have the timeout value set to 120 in our <form> tag within the web.config. We do not have a session timeout set.. and we have various connection strings.
We are having a problem where a session variable will disappear (become NULL) .. but, the form evidently remains 'open'.. or no re-login is required..... so, my question(s):
1. what is the relationship between form timeout and session timeout
2. how do I set session timeout
Jan 27, 2011 01:55 PM|shabirhakim1|LINK
Solution is from here
A session starts every time a new user hits the website, regardless of whether or not they are anonymous. Authentication has very little to do with Session.
Authentication/form timeout is the amount of time that the authentication cookie is good for on the user's browser. Once the cookie expires, they must re-authenticate to access protected resources on the site.
So, if Session times out before the Authentication cookie - they are still authenticated, but all their session variables disappear, and may cause errors in your website if you are not disciplined in checking for nulls and other conditions brought about
by missing session.
If Authentication times out before the session, then all their session variables will still exist, but they won't be able to access protected resources until they log back in again as expected.
e.g. if your session times out after 20 minutes, your session-variables will be lost. but the user could access the pages which are protected by the authentication.
if the authentication times out, the user could not access the page which it protects, and the state of the session is irrelevant.
Apr 06, 2011 03:06 PM|MSUTech|LINK
I never said thanks.. but, thanks, this is a very good explanation....