Custom Session not expiring in asp.net MVC - asp.net

I am using custom session mode in asp.net MVC and set the timeout to 2 minutes. But after 2 minutes session is not expiring ?
<sessionState timeout="10" mode="Custom" customProvider="DynamoDBSessionStoreProvider" cookieless="false" regenerateExpiredSessionId="true">
<providers>
<add name="DynamoDBSessionStoreProvider" type="Amazon.SessionProvider.DynamoDBSessionStateStore" Region="us-west-2" Application="--" Table="ASP.NET_SessionState" ReadCapacityUnits="3" WriteCapacityUnits="1" CreateIfNotExist="true" AWSAccessKey="--" AWSSecretKey="--" />
</providers>
</sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" defaultUrl="~/Home" timeout="10" slidingExpiration="false" />
</authentication>

Related

How can I get the value of forms loginurl at runtime?

I have this in my web.config:
...
<system.web>
<sessionState mode="InProc" timeout="30" cookieless="UseCookies" />
<authentication mode="Form">
<forms loginUrl="http://myurl" path="/" cookieless="UseCookies" slidingExpiration="true" requireSSL="true" />
</authentication>
...
How can I get the value of loginurl at runtime?

System.Web.Security.FormsAuthentication.LoginUrl
Gets the URL for the login page that the FormsAuthentication class
will redirect to.
Details at MSDN.

Authentication expires in ASP.NET MVC

I want to log a user into an ASP.NET MVC site, and the session expires abnormally quickly, in minutes. I want the session to hold for days instead. Authentication is done using System.Web.Security:
FormsAuthentication.Authenticate(username, password);
My web.config looks like this:
<system.web>
<customErrors mode="Off" />
<httpRuntime targetFramework="4.5" />
<compilation debug="true" targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login"
name=".ASPXAUTH"
timeout="86400"
slidingExpiration="true"
defaultUrl="Day/ListDays"
path="/"
protection="All"
requireSSL="false"
cookieless="UseDeviceProfile"
domain=""
enableCrossAppRedirects="false">
<credentials passwordFormat="Clear">
<user name="user" password="-" />
</credentials>
</forms>
</authentication>
<sessionState mode="StateServer"
stateConnectionString="tcpip=loopback:42424"
cookieless="false"
timeout="300" />
</system.web>

my site (ASP.NET webForm ) log out with out user request

my site (ASP.NET webForm ) log out with out user request , user forced to login page and interrupt his work ? please advice ...
this line from my web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/XXXXXXX.aspx" timeout="2880" />
</authentication>

Try increasing the Session timeout value, by default this is 30 minutes.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/XXXXXXX.aspx" timeout="2880"/>
</authentication>
<sessionState timeout="3000" />
</system.web>

ASP .NET MVC 3. Session expired too quickly

I have a page (View), which sends AJAX queries in some intervals. User can work with this page very long time. But session expired in about 40-60 minutes. So AJAX-requests don't return usefull information.
My Web.config
<system.web>
<sessionState
timeout="259200"
cookieName="SunTest.SessionId"
regenerateExpiredSessionId="true"
sqlCommandTimeout="200"
stateNetworkTimeout="200">
</sessionState>
<roleManager enabled="true" defaultProvider="SqlProvider" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="259200" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<add name="SqlProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="SqlServices" applicationName="/" />
</providers>
</roleManager>
<authentication mode="Forms">
<forms loginUrl="~" timeout="259200" protection="All" />
</authentication>
I've changed my web.config
<appSettings>
<add key="enableSimpleMembership" value="false" />
<add key="autoFormsAuthentication" value="false" />
</appSettings>
<system.web>
<sessionState
mode="SQLServer"
allowCustomSqlDatabase="true"
sqlConnectionString="Data Source=servername;Initial Catalog=dbname;User ID=username;Password=password"
timeout="259200"
cookieName="SunTest.SessionId"
regenerateExpiredSessionId="true"
sqlCommandTimeout="200"
stateNetworkTimeout="200">
</sessionState>
<roleManager createPersistentCookie="true" enabled="true" defaultProvider="SqlProvider" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="259200" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<add name="SqlProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="SqlServices" applicationName="/" />
</providers>
</roleManager>
<authentication mode="Forms">
<forms domain="help2b-2.hosting.parking.ru" name="ASPXFORMSAUTH" path="/" loginUrl="~" slidingExpiration="true" cookieless="UseCookies" timeout="259200" requireSSL="false" />
</authentication>
It makes these cookies:
So, there are 3 cookies:
SunTest.SessionId. 301 byte. Expires - Session.
ASPXFORMSAUTH. 301 byte. Expires - Session.
.ASPROLES. 565 byte. Expires - Tue, 10 Jul 2012 04:14:48 GMT
But after several minutes (something about 30-40), it deletes the .ASPROLES cookie. The user is signed out. So, AJAX queries don't work.
What is wrong with this config?

Are all your users losing session state at the same time? If so, your app pool could be recycling. There are several reasons why this can happen.
I would recommend you consider setting up your user session management so that it is able to survive application and session restarts. Here are some options.

Had the same problem, added the below two appSettings:
<add key="enableSimpleMembership" value="false" />
<add key="autoFormsAuthentication" value="false" />
My Forms:
<forms name="ASPXFORMSAUTH" path="/" domain="something.com" loginUrl="~/Account/LogOn" cookieless="UseCookies" slidingExpiration="true" timeout="1441" requireSSL="false" />
works well now!

A lot of the stated goals of MVC were to move to a stateless model - how much application change can you make to move to a stateless model? If you were to add some identifying information to your ajax calls and make them stateless, using session state wouldn't be a dependency (over simplified, of course - I have no idea what your app is doing).
How are you creating your form tag?

Are you using IIS 7?
In case take a look at:
Application pool’s Idle Time-out(minutes)
Session state – State server’s Time-out (seconds)

Session state timeout parameter issue

I am trying to set the timeout parameter of session state but it doesnt time out.
<sessionState mode="InProc" timeout="1"></sessionState>
I am refreshing the page after 1 minute and I still the session state value.
Why?

Use this way (if in case you are using FA as well)
<system.web>
<authentication mode="Forms">
<forms timeout="1"/>
</authentication>
<sessionState timeout="1" />
</system.web>

<system.web>
<authentication mode="Forms">
<forms timeout="1"/>
</authentication>
<sessionState timeout="1" />
</system.web>
you welcome

The MSDN says it shouldn't be lower then 4 minutes. Refer to the following it might help:
http://justgeeks.blogspot.com/2008/07/aspnet-session-timeouts.html

Resources