locked
Session still expire after settiing timeout.. RRS feed

  • Question

  • User-805182976 posted

    Hi,session still expire after setting timeout..localsite working fine but server site session expire every 10 min or 20 min.

    Code:

     <sessionState mode="InProc" regenerateExpiredSessionId="false" timeout="110" sqlCommandTimeout ="600" cookieName="ASP.NET_SessionId" stateNetworkTimeout ="20" />
      
    
    <authentication mode="Forms">
         <forms cookieless="UseCookies" defaultUrl="Default.aspx"    loginUrl="Login.aspx" protection="All" timeout="110" >
          </forms>
    </authentication> 
        

    Saturday, October 24, 2015 12:03 AM

Answers

  • User-1199946673 posted

    When using SessionStart mode InProc, Sessions are stored in Memory. But when the Application Pool Recycles, all sessions are losed. So when you want to keep Sessions alive, you need to use another SessionState mode.

    https://msdn.microsoft.com/en-us/library/ms178586.aspx

    Also be aware that Session and Forms Authentication has nothing to do with each other. I see that you set the TimeOut of both to the same value. But you must realize that the Forms Authentiction TimeOut doesn't work as you might expect. This is because the Authentication Cookie is only reset when more than half of the Timeout Interval has elapsed. So when you set the TimeOut to 110, the Cookie expires anywhere between 55 - 110 minutes after the last request.

    https://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.slidingexpiration(v=vs.110).aspx

    Session will expire (when you're using another SessionState Mode) 110 minutes after the last request.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, October 24, 2015 6:30 AM

All replies