Can I change session variable's timeout individually? RRS feed

  • Question

  • User283528319 posted

    Hi all,

    I change session timeout in startup using the code below

    services.AddSession(options =>

    options.IdleTimeout = TimeSpan.FromMinutes(100);

    but how can I change timeout of session variables individually? if possible.

    Sunday, October 6, 2019 6:48 AM

All replies

  • User1289604957 posted


    Would you please <g class="gr_ gr_33 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="33" data-gr-id="33">eloborate</g> more by giving concrete examples?

    Best regards,


    Sunday, October 6, 2019 7:57 AM
  • User283528319 posted

    ı meant can we do this

    HttpContext.Session.SetString("Role", "Updater");

    HttpContext.Session.timeout("Role", 100); (as minutes)

    Sunday, October 6, 2019 8:03 AM
  • User-474980206 posted

    You will need to implement yourself. Just store the value as an object with a value and a timeout.

    Monday, October 7, 2019 12:16 AM
  • User283528319 posted

    You will need to implement yourself. Just store the value as an object with a value and a timeout.

    thanks but any code piece?

    Monday, October 7, 2019 7:30 AM
  • User753101303 posted


    No, you have an overall session timeout that needs to be as long as the longest lifetime you want for  a session variable. You could add some code to shorten the lifetime for some of them but I believe this is not your issue?

    Or if the issue is authentication (if I remember you are using a session variable) you are running into a problem I alluded earlier ie by using a session variable you tied now the authencation duration with the lifetime of those session variables.

    Edit: especially for security related code it's likely best to use what comes out of the box. For now you could just ignore what you are not using and I'll give a look at using only what one needs...

    Monday, October 7, 2019 8:04 AM
  • User475983607 posted

    If this is a continuation from your previous thread;https://forums.asp.net/p/2160399/6280466.aspx?Re+How+can+I+simplify+net+core+authentication.  Be aware the recommend and industry standard approach of using an auth cookie has this ability built-in.  The token contained within the auth cookie has a timeout which can be set to whatever you like.

    thanks but any code piece?

    Since you are writing a custom feature and not following standards, it is your responsibility to design and write the code.  Pretty simply though just add another Session value that has the timeout.  Then check the time out when accessing the value.  Or, as recommended above, create an object model that includes the value and the timeout.  There are many ways to solve this basic programming problem. 

        public class CustomRoleWithTimeout
            public string Role { get; set; }
            public DateTime? Timeout { get; set; }
            public static bool HasTimedOut(CustomRoleWithTimeout obj)
                return obj.Timeout.HasValue && obj.Timeout.Value < DateTime.Now;

    Monday, October 7, 2019 3:06 PM