An application I'm working on relies on sessionState for timeout, but there is a need to have custom banners on the login that need to occur after the timeout occurs. Is there a way to pass values or variables to the login page after a timeout?
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="60" />
Related
In ASP.net, how to set automatic force logout when user is idle for more than 10 minutes?
Our session details are stored in the DB:
<sessionState mode="SQLServer"
stateConnectionString="tcpip=***"
sqlConnectionString="data source=***;user id=***;password=***;"
cookieless="false"
timeout="10" />
I want to log a user into an ASP.NET MVC site, and the session expires very quickly, in minutes.
Authentication is done in one line of code:
authProvider.Authenticate(model.UserName, model.Password)
Then I have in Web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" name=".ASPXAUTH" timeout="300" slidingExpiration="true">
and the setting on the IIS on the server for 300 minutes.
What is the problem?
Make sure you have a sessionState timeout value that matches your forms timeout:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login"
name=".ASPXAUTH"
timeout="300"
slidingExpiration="true" />
</authentication>
<sessionState timeout="300" mode="InProc" />
</system.web>
You also need to change the Idle Time-out parameter of your Application Pool to the desired authentification timeout to avoid the Application Pool to recycle too soon and therefore lose your sessions.
This parameter can be found in:
IIS - Application Pools - Advanced Settings of the Application Pool in question.
References:
Configure Idle Time-out Settings for an Application Pool
IIS7 Application Pool Idle Time-out Settings
If you don't want to change this parameter(*), a solution is to use the StateServer mode of the Session State. This mode uses a service to store the session instead of the memory with In-Process mode. It has the advantage of not losing the session when the Application Pool is recycled. It's also very easy to configure:
<system.web>
<sessionState mode="StateServer"
stateConnectionString="tcpip=loopback:42424"
cookieless="false"
timeout="300" />
</system.web>
(*) 5 minutes is very low. The default is 20 minutes. So I advice to set it to at least the default value if using the StateServer mode.
Reference:
Session-State Modes
I have it set to 120 minutes but it doesn't last that long. I am not sure exactly how long it does last but I know it isn't 2 hrs.
<sessionState timeout="120" />
This was set only in the default Web.config and NOT in the one in the Views directory nor the Web.Debug.config or Web.Release.config.
Would that make a difference as the default session timeout is 20 min?
To guarantee your sessions don't get killed by a w3wp.exe crash or an application pool recycle, you should move the session state to a separate store. The easiest is the ASP.Net State Server service. Make sure to start the service on the host machine and add this to your web.config instead:
<sessionState mode="StateServer"
stateConnectionString="tcpip=SampleStateServer:42424"
cookieless="false"
timeout="120"/>
I think you should define the session state mode
There are there different session states in ASP.NET
http://msdn.microsoft.com/en-us/library/ms178586(v=VS.80).aspx
In-Process Mode
The defaul one is <sessionState mode="InProc" timeout="10" />, the session will be clear after rebuild the project
State Server Mode
we can use this, but remember to turn the services - ASP.NET State Service
<sessionState mode="StateServer"
stateConnectionString="tcpip=localhost:42424"
sqlConnectionString="data source=.\SQLEXPRESS; User ID=sa;Password=12345678; Integrated Security=SSPI"
cookieless="false"
timeout="2"
/>
SQL Server Mode we can use this after create a DB ASPSate by command, pls check this site for details - http://www.brianstevenson.com/blog/aspstate-concurrently-running-for-net-1011-and-net-20
<sessionState mode="SQLServer"
stateConnectionString="tcpip=localhost:63586"
sqlConnectionString="data source=.\SQLEXPRESS; User ID=sa;Password=12345678; Integrated Security=SSPI"
cookieless="false"
timeout="2"
/>
The session in State Server Mode & SQL Server Mode will not be cleared after rebuild the project, it's good for development
I have the following setting in my web.config
<sessionState mode="InProc" cookieless="false" timeout="20" />
<forms loginUrl="~/Account/LogOn" timeout="20" />
When the user timeout after 20 minutes I need to be able to figure out if the session was timed out and display a message on the logon screen. I know the querystring will have a ReturnURL but they can have ReturnURL if they are not logged in and click on favorites or even by typing in the URL.
I have a problem about session in my ASP.NET Web App. When i write my username and password and clicked login button, session is abandoned.
In my web.config, i use :
sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20"
Can anyone help me ?
You shouldn't use stateConnectionString and sqlConnectionString attributes if you are going to store session in asp.net process.
Just write sessionState mode="InProc".
http://msdn.microsoft.com/en-us/library/h6bb9cz9%28v=vs.71%29.aspx