locked
Session State timeout after 5 minutes RRS feed

  • Question

  • User672435006 posted

    Hi,

    I have a website which is created in asp.net 4.0 vb.net. I am using forms authentication to an SQL server database. The database and website are both hosted with goDaddy. If i login using login control and leave it idle for 5 minutes and get automatically logout when i refresh. If i run the site locally on visual studio 2017 which is the exact same code and authenticates to the sql databse on godaddy i can stay logged in for 20 minutes leaving it idle.

    I have set the session state to 20 minutes in the web.config file.

    My web.config has the following

    <sessionState mode="InProc" cookieless="false" timeout="20"></sessionState>

    and

    <authentication mode="Forms">
    <forms name="samplecookie"
    defaultUrl="~/input.aspx"
    timeout="20"
    path="/"
    protection="All"
    slidingExpiration="true"
    loginUrl="login.aspx">
    </forms>
    </authentication>

    If i look at the cookie details on firefox the expiry is set to "session" and not a time 20 minutes from login.

    Anyone have a solution, ive been trying to solve this for days.

    thanks

    Tuesday, January 30, 2018 4:17 PM

All replies

  • User475983607 posted

    Session and authentication are two different frameworks.  Are you storing user credentials or something user related in Session?  Keep in mind that you might not have control over Session on a shared hosting services. 

    Tuesday, January 30, 2018 4:40 PM
  • User672435006 posted
    Thanks for the quick reply. I'm only wanting to keep the user logged in if idle for up to 20 minutes.
    Tuesday, January 30, 2018 7:14 PM
  • User475983607 posted

    Thanks for the quick reply. I'm only wanting to keep the user logged in if idle for up to 20 minutes.

    So you are NOT using Session? 

    Can you show the code that authenticates the user and populates the authentication cookie?

    Tuesday, January 30, 2018 7:19 PM
  • User672435006 posted

    Hi mgebhard,

    All i have is login control, the user enters their credentials. I have a connectionstring in web.config and a method in login.asp.vb for loggedin users.

    login.aspx

    <tr>
    <td>
    <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">Username:</asp:Label>
    </td>
    <td align="left">
    <asp:TextBox ID="UserName" runat="server" Width="130px" OnTextChanged="UserName_TextChanged"></asp:TextBox>
    <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName"
    ErrorMessage="User Name is required." ToolTip="User Name is required." ValidationGroup="Login1">*</asp:RequiredFieldValidator>
    </td>
    </tr>
    <tr>
    <td align="center" colspan="2">
    &nbsp;
    </td>
    </tr>
    <tr>
    <td>
    <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>
    </td>
    <td align="left">
    <asp:TextBox ID="Password" runat="server" TextMode="Password" Width="130px"></asp:TextBox>
    <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password"
    ErrorMessage="Password is required." ToolTip="Password is required." ValidationGroup="Login1">*</asp:RequiredFieldValidator>
    </td>
    </tr>
    <tr>
    <td align="center" colspan="2" style="color: Red;">
    <asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>
    </td>
    </tr>
    <tr>
    <td>
    &nbsp;
    </td>
    <td>
    &nbsp;
    </td>
    </tr>
    <tr>
    <td>
    &nbsp;
    </td>
    <td align="left">
    <asp:Button ID="LoginButton" runat="server" CommandName="Login" Text="Log In" ValidationGroup="Login1" OnClick="LoginButton_Click" />
    </td>
    </tr>

    login.aspx.vb

    Protected Sub Login1_LoggedIn(ByVal sender As Object,
    ByVal e As System.EventArgs) Handles Login1.LoggedIn

    Response.Redirect(Login1.DestinationPageUrl)
    End Sub

    web.config

    <connectionStrings>
    <remove name="LocalSqlServer"/>
    <add name="LocalSqlServer" connectionString="Data Source=******.com;Initial Catalog=********;User ID=**********;Password=************"/>
    </connectionStrings>
    <system.web>
    <sessionState mode="InProc" cookieless="false" timeout="20"></sessionState>
    <roleManager enabled="true">
    </roleManager>
    <customErrors mode="Off" />
    <globalization uiCulture="en-GB" culture="en-GB" />
    <httpHandlers>
    <add path="ChartImg.axd" verb="GET,HEAD,POST" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
    validate="false" />
    </httpHandlers>
    <pages enableSessionState="true">
    <controls>
    <add tagPrefix="asp" namespace="System.Web.UI.DataVisualization.Charting"
    assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </controls>
    </pages>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
    <assemblies>
    <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=********************"/>
    <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=**************"/>
    <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=***************"/>
    <add assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=**********"/>
    </assemblies>
    </compilation>
    <authentication mode="Forms">
    <forms name="samplecookie"
    defaultUrl="~/input.aspx"
    timeout="20"
    path="/"
    requireSSL="true"
    protection="All"
    slidingExpiration="true"
    loginUrl="login.aspx">
    </forms>
    </authentication>
    <authorization>
    <deny users="?"/>
    </authorization>
    </system.web>
    <location path="Images">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="admin.aspx">
    <system.web>
    <authorization>
    <allow users="user" />
    <deny users="*" />
    </authorization>
    </system.web>
    </location>
    </configuration>

    Wednesday, January 31, 2018 6:33 PM
  • User475983607 posted

    The login control works with ASP Membership but you do not have ASP Membership configured nor is the posted code the login control markup.  There is an ASP button wired to a LoginButton_Click handler but you did not post the code.  I suspect that the user is never authenticated.  

    See the ASP Membership docs...

    https://msdn.microsoft.com/en-us/library/ms178329.aspx

    https://msdn.microsoft.com/en-us/library/879kf95c.aspx

    Or show the relevant bits of your code.

    Wednesday, January 31, 2018 6:44 PM
  • User672435006 posted

    Hi,

    I have shown you all the relevant code. The loginbutton_click event was a mistake, the method was empty. My login button code is - 

    <asp:Button ID="LoginButton" runat="server" CommandName="Login" Text="Log In" ValidationGroup="Login1" />

    I have a masterpage with a loginstatus and loginview. 

    masterpage

    <%@ Master Language="VB" CodeFile="MasterPage.master.vb" Inherits="MasterPage" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
    <title>MIT</title>
    <link href="css/layout.css" type="text/css" rel="stylesheet" />
    <asp:ContentPlaceHolder id="head" runat="server">
    </asp:ContentPlaceHolder>
    </head>
    <body>
    <form id="form1" runat="server">
    <div id="topContent" align="center">
    <asp:Image ID="Image1" runat="server" ImageUrl="~/Images/SLCUlogo.jpg" Height="141px" Width="390px"/>
    </div>
    <div id="mainContent" align="center">
    <br />
    <asp:LoginView ID="MasterLoginView" runat="server">
    <LoggedInTemplate>
    You are logged in as
    <asp:LoginName ID="MasterLoginName" runat="server" Font-Bold="True" />
    </LoggedInTemplate>
    </asp:LoginView>
    &nbsp;&nbsp;&nbsp;<asp:LoginStatus ID="MasterLoginStatus" runat="server" LogoutAction="Redirect" LogoutPageUrl="default.aspx" LoginText="" LogoutText="{Logout}" />
    <br />
    <br />
    </div>
    <div id="navmenu" align="center">
    <asp:Menu ID="NavigationMenu" runat="server" EnableViewState="false"
    IncludeStyleBlock="True" Orientation="Horizontal" ForeColor="#000066"
    BackColor="White" RenderingMode="Table">
    <Items>
    <asp:MenuItem NavigateUrl="~/input.aspx" Text="Home"/>
    <asp:MenuItem NavigateUrl="~/admin.aspx" Text="User Overview"/>
    <asp:MenuItem NavigateUrl="~/createuser.aspx" Text="Create User"/>
    <asp:MenuItem NavigateUrl="~/monthgrid.aspx" Text="Edit User Data"/>
    </Items>
    <StaticMenuItemStyle BorderStyle="Solid" BorderWidth="1px"
    HorizontalPadding="20px" />
    </asp:Menu>
    <br />
    <asp:ContentPlaceHolder ID="MainContent" runat="server">
    </asp:ContentPlaceHolder>
    </div>
    </form>
    </body>
    </html>

    Its driving me nuts as i cant figure out how its doing it. I did the login part about 2 yrs ago from a tutorial. The loginbutton doesnt have an onclick event so when i click it im not sure what code it is running to compare the username and password the user types in with the credentials held at godaddy server. I have the connectionstring to godaddy in web.config. It does check as i have made sure the credentials are in the table.

    Wednesday, January 31, 2018 9:56 PM
  • User475983607 posted

    Again, there is nothing that is can see in the posted code that indicates ASP Membership is wired up.  As far as I can tell the login button does nothing.  Heck the only thing named Login1 in the posted code is the validation group.  

    Protected Sub Login1_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.LoggedIn
    	Response.Redirect(Login1.DestinationPageUrl)
    End Sub

    I find it hard to believe the posted code authenticates at all.  

    Wednesday, January 31, 2018 10:18 PM
  • User672435006 posted

    Hi,

    The login control is using the layouttemplate - https://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.login.layouttemplate.aspx

    The button in the code in link doesnt have an onclick event as well other examples if looked at using layouttemplate.

    My connectionstring is named the same as the connectionstring in my machine.config which is locally installed. My connectionstring is called LocalSqlServer. i commented the connectionstring line out and tried to login and i got an error referencing the machine.config file locally installed.

    I have posted all the code i have. When i run it locally i am logged in for 20 minutes and when i login via hosting (goDaddy) im logged out after 5 minutes.

    Thanks for spending time looking at it.

    Thursday, February 1, 2018 10:51 AM
  • User-1734434928 posted

    Maybe you need to confirm with Godaddy regarding the setting of "Idle Timeout" of your application pool.

    Monday, February 19, 2018 1:03 AM