locked
Session Cookie is removed before session times out RRS feed

  • Question

  • User1442286028 posted

    I have a site that is using a session cookie to keep a few pieces of information but for some reason it seems to get removed before the time out.

    In the global.asax I have

     void Session_Start(object sender, EventArgs e)
            {
                HttpCookie jobTrax = Request.Cookies.Get("JobTrax");
                      
                if ((null != jobTrax))
                {
                    if (Request.Cookies["JobTrax"] != null)
                    {
                        HttpCookie myCookie = new HttpCookie("JobTrax");        
                        myCookie.Expires = DateTime.Now.AddDays(-1d);
                        Response.Cookies.Add(myCookie);
                    }
                    Context.GetOwinContext().Authentication.SignOut();          
                    Session.Abandon();
                    Session.RemoveAll();
                    Response.Redirect("~/Account/Login",false);
                }           
            }

    and in the web.config I have SessionState timeout = 30

    This works perfectly when I am in my local environment but when I move the web forms app to either our test or development servers after about 2 minutes of no activity if I click a button or do anything on the site I get redirected to the login screen.

    I am using asp.net 4.5 with the new identity. an I do not have the <authentication> tag in my web.config.  Is it possible my authentication is timing out and that is what is causing the redirect to my login screen which then removes my cookie?

    Wednesday, July 16, 2014 12:45 PM

Answers

All replies

  • User1442286028 posted

    Ok in my web.config I have added

     <remove name="FormsAuthentication" />

    then in Startup.Auth.cs I have

    public void ConfigureAuth(IAppBuilder app)
            {
                // Enable the application to use a cookie to store information for the signed in user
                // and also store information about a user logging in with a third party login provider.
                // This is required if your application allows users to login
                app.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                    LoginPath = new PathString("/Account/Login"),
                    ExpireTimeSpan = TimeSpan.FromMinutes(30)
                    
                });
    }

    For some reason I am still getting a timeout after about 2 min.  I was assuming my authorization was timing out that was causing the app to go to the login screen, which would then remove the cookie.

     

    Wednesday, July 16, 2014 3:17 PM
  • User-1818759697 posted

    Hi,

    For this situation, it may be a Idle timeout setting problem. Timeout has Session Timeout and Idle Timeout.  Session timeout is set from web.config and from iis too. Default timeout is 20 minutes if you want more than that set in your session state.  Idle timeout only set from iis, you could check within the iis settings:

    idle-timeout-iis-settings

    For more information, you could refer to:

    http://blogfornet.com/2013/06/timeout-settings-in-iis-and-web-config/

    http://forums.asp.net/t/1887538.aspx?Setting+Idle+time+out+time+in+AS+NET

    Regards

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 17, 2014 3:39 AM
  • User1442286028 posted

    That was it.  Somehow the Idle Timeout was set to 1 min.

    Thursday, July 17, 2014 8:36 AM