How to implement session time out in asp.net web application ? RRS feed

  • Question

  • User428957395 posted

    Hi Team,

    working on the session time out issue in asp.net web application and implemented following way 


    added the session time out 5 min and in iis session state also 5 min


    session_strart written code as follows

    if (Request.IsSecureConnection == true)
    Response.Cookies["ASP.NET_SessionID"].Secure = true;
    HttpCookie oCookie = Response.Cookies["ASP.NET_SessionID"];
    string szCookieHeader = System.Web.HttpContext.Current.Request.Headers["Cookie"];
    if ((null != szCookieHeader) && (szCookieHeader.IndexOf("ASP.NET_SessionID") >= 0))
    System.Web.HttpContext.Current.Response.AppendHeader("Refresh", Convert.ToString((Session.Timeout * 60)) + ";URL=SessionExpirePage.aspx");

    my question the session is not time out and when restart the app pool its only  session time out happening with one user only but for multiple users its not happening

    let us know how to implement the above.

    Thanks in advance


    Tuesday, March 3, 2020 4:40 PM

All replies

  • User753101303 posted


    As written it should happen for a user that does NOT have any session variable (Session_Start happens again and again until the first session variable for this user is created) and/or for which all cookies are blocked...

    My personal preference is to use values I can reload as needed from a persistant storage. This way I just don't have to care about the sesssion timeout.

    Tuesday, March 3, 2020 5:14 PM
  • User428957395 posted

    Hi PatriceSc,

    Thanks for your reply, please let me know how to implement  persistant storage.



    Tuesday, March 3, 2020 5:36 PM
  • User428957395 posted

    Hi Lewis,

    Thank you for response but its working for single user only but multiple users its not showing. And for single user also if the user is in default.aspx then only the session time out is happening otherwise its not showing the session time out page

    please let know further steps to resolve

    Wednesday, March 4, 2020 9:55 AM
  • User753101303 posted


    What are you storing in the browser session which is not stored already somewhere ? A common thing I see is using Session to roll your own authentication rather than using what ASP.NET offers out of the box.

    When needed I'm using something such as https://www.codeproject.com/Articles/16656/Manage-ASP-NET-Session-Variables-using-the-Facade ie  a static class whose properties are stored using an underlying session variable. If a value is missing rather than using a default value it could be retrieved from a database for example.

    If for now you want to keep your current approach before considering a design change maybe from https://docs.microsoft.com/en-us/dotnet/api/system.web.httpapplication.prerequesthandlerexecute?redirectedfrom=MSDN&view=netframework-4.8 and if https://docs.microsoft.com/en-us/dotnet/api/system.web.sessionstate.httpsessionstate.isnewsession?view=netframework-4.8 is false (should allow to add this header only if the request is tied to a current browser session). You'll still have issues such as having the user still interacting through Ajax and being fired etc...

    Wednesday, March 4, 2020 10:07 AM
  • User1535942433 posted

    Hi Emerger,

    Accroding to your description,as far as I think, there are various local storage mechanisms to store  data  such as Web Storage where you have persistent storage (localStorage) or session based (sessionStorage).

    More details,you could refer to below article:


    Best regards,

    Yijing Sun

    Wednesday, March 4, 2020 10:08 AM
  • User379996595 posted

    Use the following code block in your web.config file. Here default session time out is 80 mins.


    <sessionState mode="InProc" cookieless="false" timeout="80" />


    Wednesday, March 4, 2020 6:26 PM
  • User428957395 posted

    Thank you for your reply, and I am using old method and session time out is working with normal page but its not working where the page contains ascx controls.

    let me know how to resolve the issue.

    thanks in adavance

    Monday, March 9, 2020 11:21 AM
  • User753101303 posted

    Rather than "not working" always tell what actually happens.

    For now I don't see any obvious relation between the browser session and using ASCX controls inside an ASPX page ???

    Monday, March 9, 2020 12:07 PM