Session times out in less time than I set

Session times out in less time than I set

am 18.04.2008 20:59:52 von gnewsgroup

I am using forms authentication for my web application.

In web.config, I have this:


protection="All"
timeout="120"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="Default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"/>


And in my Login.aspx.cs, I have this:

FormsAuthenticationTicket ticket =
new FormsAuthenticationTicket(1, username, DateTime.Now,
DateTime.Now.AddMinutes(120), false, "userdata");
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie =
new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
Response.Cookies.Add(cookie);
Response.Redirect(FormsAuthentication.GetRedirectUrl(usernam e,
false));

I ran my web app, log in, let it idle for 1 hour 40 minutes, then I
click on something, but was logged out. It's not 2 hours yet.

What do you think is causing the problem? Thank you.

RE: Session times out in less time than I set

am 18.04.2008 21:47:00 von brucebarker

asp.net has an application idle (shutdownTimeout) setting defaulted to 30
minues. if noone hits the site and you use inproc sessions, then they will be
lost at the thirty minute mark.


-- bruce (sqlwork.com)


"gnewsgroup" wrote:

> I am using forms authentication for my web application.
>
> In web.config, I have this:
>
>
> > protection="All"
> timeout="120"
> name=".ASPXAUTH"
> path="/"
> requireSSL="false"
> slidingExpiration="true"
> defaultUrl="Default.aspx"
> cookieless="UseDeviceProfile"
> enableCrossAppRedirects="false"/>
>

>
> And in my Login.aspx.cs, I have this:
>
> FormsAuthenticationTicket ticket =
> new FormsAuthenticationTicket(1, username, DateTime.Now,
> DateTime.Now.AddMinutes(120), false, "userdata");
> string encryptedTicket = FormsAuthentication.Encrypt(ticket);
> HttpCookie cookie =
> new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
> Response.Cookies.Add(cookie);
> Response.Redirect(FormsAuthentication.GetRedirectUrl(usernam e,
> false));
>
> I ran my web app, log in, let it idle for 1 hour 40 minutes, then I
> click on something, but was logged out. It's not 2 hours yet.
>
> What do you think is causing the problem? Thank you.
>

Re: Session times out in less time than I set

am 18.04.2008 22:35:16 von gnewsgroup

On Apr 18, 3:47 pm, bruce barker
wrote:
> asp.net has an application idle (shutdownTimeout) setting defaulted to 30
> minues. if noone hits the site and you use inproc sessions, then they will be
> lost at the thirty minute mark.
>
> -- bruce (sqlwork.com)
>

Ha, very interesting. Yes, I use inproc mode. Is this 30 min default
changeable in web.config or machine.config? Also, if this documented
by MSDN? Can I get a reference to the doc? Thank you very much.