Last post Sep 24, 2014 12:05 PM by Rion Williams
Sep 23, 2014 02:45 AM|pradipthite|LINK
i am developing one application where i want to increase session timeout...i have set timeout in web.config file but it seems to be not working..
<sessionstate mode="InProc" timeout="2000"> please help me friends..
Sep 23, 2014 03:18 AM|Mikesdotnetting|LINK
What makes you think it's not working?
Sep 23, 2014 04:35 AM|pradipthite|LINK
I had set it but its not properly working ,after 20 minutes it is automatically closed...
so please resolve my this problem by giving me a reply as early as possible to you..
Sep 23, 2014 04:41 AM|Mikesdotnetting|LINK
after 20 minutes it is automatically closed
I'll ask again - what evidence do you have that makes you think that the session still times out after 20 minutes?
Sep 24, 2014 05:28 AM|Zhi Lv - MSFT|LINK
According to your code and description, I would like to suggest you check your code to see if there is anything breaking. Because, we could set the
timeout session attribute in the Web.config file and the code-behind file. The following is a sample, you could refer to it:
Code in Web.config file:
<sessionState mode="InProc" timeout="20"></sessionState>
Code in Page (.aspx.cs)
Session["test"] = "Hello";
Session.Timeout = 1;
Label1.Text = Session["test"].ToString();
Label1.Text = "world";
If we set the timeout session attribute like this, the session's expire time is 1 minute. So, please check you code.
If you have any other questions about my reply, please let me know freely.
Sep 24, 2014 06:17 AM|Mikesdotnetting|LINK
Zhi Lv - MSFT
According to your code and description, I would like to suggest you check your code to see if there is anything breaking.
My guess is that the OP is confusing session timeout with forms authentication timeout - a very common cause for confusion. Many people try to increase the amount of time a user is logged in by increasing the session timeout, and when the user is logged
out earlier than expected, they believe that the session has expired. In fact, the forms authentication cookie has expired. That's what I have asked the OP what makes them think that the session is timing out early.
@pradipthite: you have yet to come back and answer my question, but if what I said above seems possible, you should increase the value of your forms authentication timeout in the web.config, not the session timeout value.
Alternatively, your sessions might be cut short by the application pool associated with your site being recycled. By default, if there are no requests at all to your site for 20 minutes, the worker process will shut down killing your sessions. You will need
access to IIS to change this: http://technet.microsoft.com/en-us/library/cc771956(v=ws.10).aspx. If you cannot change the setting, you could try using AJAX to keep your sessions
Sep 24, 2014 11:06 AM|bruce (sqlwork.com)|LINK
if you want long session timeouts, you should not use the in-proc session provider. you should switch the sqlserver provider, then you can have session stored for weeks (use persistent cookie).
Sep 24, 2014 12:05 PM|Rion Williams|LINK
I agree with Mike regarding the Forms Authentication and the actual Session timeouts. This appears to happen all of the type due to the fact that people often refer to the act of a user being logged in as a "Session" and just associate the two.
If this is occurring after 20 minutes, it's very likely an Idle Timeout through IIS (seen in the third section below). I'll paste the following which I have posted in the past and contains all of the necessary steps to change all of these various
timeouts (Forms Authentication, Session and IIS Idle Timeouts) :
There are quite a few ways to set timeouts within .NET (Session Timeouts, Forms Authentication Timeouts and IIS-related Timeouts) so a few things could be going wrong here so I'll detail each of them below.
Setting the SessionState Timeout within your web.config
You can update the timeout property of your Session State (if that is what is actually timing out) within your web.config file in the <sessionState> element as shown below (default of 20 minutes shown below):
<configuration> <system.web> <!-- Adjust the timeout property below --> <sessionState mode="InProc" timeout="20"/></sessionState> </system.web> </configuration>
so you could simply change this to the number of minutes that you wanted. For instance 3 hours would be :
<sessionState mode="InProc" timeout="180"/></sessionState>
Setting the Forms Authentication Timeout within your web.config
You can adjust the specific timeout property of your Forms Authentication in your application by adjusting the timeout property within the <authentication> element of your web.config file. You will also want to be mindful that if you are using the slidingExpiration
property in conjunction with timeouts as they can actually expire much earlier than the timeout listed.
<authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="yourTimeoutInMinutes"></forms> </authentication>
So if you wanted to extend the amount that the authentication token stays "alive" for to say 180 minutes (3 hours), you would set it as seen below :
<authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="180"></forms> </authentication>
However, if you are using the slidingExpiration property, the authentication token can expire when half of the timeout duration has elapsed. So you'll likely want to double your timeout value if you are using it :
<authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="360" slidingExpiration="true"></forms> </authentication>
Setting the Application IdleTimeout property within IIS
You may need to check what your timeout is configured for within IIS, as this timeout will override the timeouts defined in your web.config.
Within IIS there is a setting called Idle Timeout, which defaults at 20 minutes. This could explain your early timeout issue and you may want to consider adjusting this property within IIS. Based on your issue, this could likely be the culprit :
Scott Hanselman also addresses strange issues that can occur when dealing with timeouts when using Forms Authentication in this blog post as