Session times out in less time than I set

I am using forms authentication for my web application.

In web.config, I have this:

<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
timeout="120"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="Default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"/>
</authentication>

And in my Login.aspx.cs, I have this:

FormsAuthenticationTicket ticket =
new FormsAuthenticationTicket(1, username, DateTime.Now,
DateTime.Now.AddMinutes(120), false, "userdata");
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie =
new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
Response.Cookies.Add(cookie);
Response.Redirect(FormsAuthentication.GetRedirectUrl(usernam e,
false));

I ran my web app, log in, let it idle for 1 hour 40 minutes, then I
click on something, but was logged out. It's not 2 hours yet.

What do you think is causing the problem? Thank you.
gnewsgroup [ Fr, 18 April 2008 20:59 ] [ ID #1945166 ]

RE: Session times out in less time than I set

asp.net has an application idle (shutdownTimeout) setting defaulted to 30
minues. if noone hits the site and you use inproc sessions, then they will be
lost at the thirty minute mark.


-- bruce (sqlwork.com)


"gnewsgroup" wrote:

> I am using forms authentication for my web application.
>
> In web.config, I have this:
>
> <authentication mode="Forms">
> <forms loginUrl="Login.aspx"
> protection="All"
> timeout="120"
> name=".ASPXAUTH"
> path="/"
> requireSSL="false"
> slidingExpiration="true"
> defaultUrl="Default.aspx"
> cookieless="UseDeviceProfile"
> enableCrossAppRedirects="false"/>
> </authentication>
>
> And in my Login.aspx.cs, I have this:
>
> FormsAuthenticationTicket ticket =
> new FormsAuthenticationTicket(1, username, DateTime.Now,
> DateTime.Now.AddMinutes(120), false, "userdata");
> string encryptedTicket = FormsAuthentication.Encrypt(ticket);
> HttpCookie cookie =
> new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
> Response.Cookies.Add(cookie);
> Response.Redirect(FormsAuthentication.GetRedirectUrl(usernam e,
> false));
>
> I ran my web app, log in, let it idle for 1 hour 40 minutes, then I
> click on something, but was logged out. It's not 2 hours yet.
>
> What do you think is causing the problem? Thank you.
>
brucebarker [ Fr, 18 April 2008 21:47 ] [ ID #1945170 ]

Re: Session times out in less time than I set

On Apr 18, 3:47 pm, bruce barker
<brucebar... [at] discussions.microsoft.com> wrote:
> asp.net has an application idle (shutdownTimeout) setting defaulted to 30
> minues. if noone hits the site and you use inproc sessions, then they will be
> lost at the thirty minute mark.
>
> -- bruce (sqlwork.com)
>

Ha, very interesting. Yes, I use inproc mode. Is this 30 min default
changeable in web.config or machine.config? Also, if this documented
by MSDN? Can I get a reference to the doc? Thank you very much.
gnewsgroup [ Fr, 18 April 2008 22:35 ] [ ID #1945176 ]
Microsoft » microsoft.public.dotnet.framework.aspnet » Session times out in less time than I set

Vorheriges Thema: GridView sort by a column whose header is dynamically created
Nächstes Thema: sending mail

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum