locked
If I don't use session variables, do I have to worry about timeout? RRS feed

  • Question

  • User-440622240 posted

    We use session variables to see if our clients are "logged in" to our site.  But some clients say they are suddenly logged out.  We are thinking maybe the session timed out, though we don't know that for sure.  We need to use asp.net for various things, but we were wondering - if we don't use session variables (we are thinking of using cookies instead), then do we have to worry about timeout?  Or will the asp.net page work, even if the user has gone off for a cup of coffee and come back in an hour?

    Thanks

    Saturday, June 25, 2011 6:03 AM

Answers

  • User-417784260 posted

    Yes you do.  You would not want someone to log in and remain log in indefinately so the session has to expire.  In the authenication section of the web.config you can set how long the session will last

     

        <authentication mode="Forms">
          <forms loginUrl="~/Account/LogOn" timeout="2880" />
        </authentication>
     
    Keep in mind that if the app pool your website is in recycles the session will expire also
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, June 25, 2011 6:22 AM