locked
Is it reasonable to set 8 hours session timeout for asp.net application? RRS feed

  • Question

  • User1878040356 posted

    We have an asp.net application based on Asp.NET 3.5.  This application is an internal application and has about 600 users in our company. Is it reasonable to set 9 hours session timeout for asp.net application? We also need to set its application pool idle time as 9 hours to make the session timeout 9 hours work. How to consider the tradeoff for the application pool, IIS working thread, server memory if we set session timeout as 8 hours? Any hyperlinks / articles talking about this topic? Thanks!

    Wednesday, November 26, 2014 5:48 PM

All replies

  • Wednesday, November 26, 2014 7:43 PM
  • User1878040356 posted

    This article just talks about how to avoiding using Session. But in our application, Session iss used at hundreds of places, and we cannot change them now. Any other ideas? Thanks!

    Monday, December 1, 2014 1:16 PM
  • User753101303 posted

    Hi,

    Hundreds? Usually you try to use session as less than possible. You could also configure a SQL Server provider so that it goes in a db instead.

    So a user is allowed to stay away from the site up to 8 hours and still the session is up and running? I would say that one hour seems already a maximum to me...

    What is the problem you are trying to solve?

    Monday, December 1, 2014 1:40 PM