I'm using forms authentication in my ASP.NET MVC 4 application. I have configured the timeout settings as below in my web.config.
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
Since I'm using a shared hosting environment, I can not change the IIS settings for timeout.
Currently it seems that this timeout is not working and it occurs after 15-20 mins of idle time.
are there any settings to force the timeout to take the value in web.config?
Explicitly adding the machine key to the web.config solved the issue.
http://aspnetresources.com/tools/machineKey
Related
I must be doing something wrong. I have followed instructions to set the timeout on my forms authentication app, but the app never renews the cookie and will time out about every 15mins or so.
I must be missing something that is so obvious it is not mentioned in the literature.
Here is my config info:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" defaultUrl="~/" timeout="120" slidingExpiration="true" cookieless="UseCookies" />
</authentication>
and the session state
<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="120">
...
I have tried sliding or not sliding--same time out happens.
Dumb questions: do I need something in the code behind (VB) on every page to make sure the postback renews the authentication?
If you are browsing your web application from IIS then check the check the Idle Time-Out(minutes) property under "Process Model" of application pool.
If it is 20 minutes. You should change that property value.
In web config i have set session time out even though my session is reset after 10-15 min
<sessionState mode="InProc" cookieless="UseCookies" timeout="525600"/>
<authentication mode="Forms">
<forms name="outerForms" loginUrl="~/Login.aspx" defaultUrl="Default.aspx" timeout="525599" cookieless="UseCookies"/>
</authentication>
This is what i have set in web.config. Now Value stored in session gets cleared after 10-15 min but user does not get log out.
Sorry if i sound foolish but i am new in asp.net... is it dependent on any other thing?
i am using .net version 4.0
Check your IIS ideal time Setting. By default it is 20 minutes. You need to increase this value.
I resolved this by running SQL Server agent service. Make sure that ASPState_Job_DeleteExpiredSessions job is enabled
I want to set timeout for my web application for 12 hours.
I have done setting in web.config file as:
<system.web>
<sessionState timeout="720" />
</system.web>
As suggested in the following post:
I came to know that the Application Pool recycles in every 20 minutes (if the pool is ideal).
And I also checked for changing the application pool time out using one question about application pool timeout setting
But still the session time-out is not set to 720 minutes. Do I need to change machine.config file for changing the session time out.
But I think the properties of machine.config file should be overriden by web.config file.
Kindly provide me some idea.
You can try out WMI(Windows Management Instrumentation) script it can help you.You need to have sufficient priveleges to implement the Script.
follwing are the links you can check to get more information.
http://bendera.blogspot.in/2010/12/configuring-ica-rdp-timeout-values.html
http://technet.microsoft.com/en-us/library/cc771956%28v=ws.10%29.aspx
You should set all following:
Application Pool / Advanced Settings. There the option Idle Timeout should be set in minutes.
Then within the web.config file in system.web section you should also set the Authentication/Forms, SessionState and RoleManager timeouts, if applicable.
<authentication mode="Forms"><forms loginUrl="~/default.aspx" name=".ASPXFORMSAUTH" timeout="120" /></authentication>
<sessionState cookieless="AutoDetect" cookieName="TYS_ADMIN_SessionId" timeout="120" />
<roleManager ... cookieTimeout="120" defaultProvider="GMRoleProvider" enabled="true">...</roleManager>
Here is a snippet from my web.config file:
<system.web>
<sessionState timeout="1440"></sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="1440"
cookieless="UseCookies"
/>
</authentication>
I am getting sessions expiring much sooner than 1 day (within an hour or so). Are there any other IIS or ASP.NET settings that could be affecting this? (the app is not setting any timeouts from code).
I would check the application pools recycle time. This is probably the cause as I think that it defaults to something like 20 minutes.
I'm working on a web application that is using Forms authentication.
<authentication mode="Forms">
<forms slidingExpiration="true"
loginUrl="~/User.aspx/LogOn"
timeout="15"
name="authToken" />
</authentication>
I'm seeing this cookie set in my browser when I log in:
The question is what happens when I put this website in a load balanced model? Where is the ASP.net session cookie being set? I didn't explicitly do it in code, so I assume it's happening behind the scenes somewhere in ASP.Net.
Also, If the session cookie is set by web server A, I assume web server B won't recognize it and treat it as an invalid session. If this is the case, I probably don't want to use it, right?
You'll have to set the machine key to be the same and the name to be the same on both machines...if this is done you should have no problems load balancing with forms auth.
<authentication mode="Forms">
<forms loginUrl="~/Login/Index" defaultUrl="~/"
name=".myportal"
protection="All" slidingExpiration="true" timeout="20" path="/"
requireSSL="false"></forms>
</authentication>
<machineKey validationKey="534766AC57A2A2F6A71E6F0757A6DFF55526F7D30A467A5CDE102D0B50E0B58D613C12E27E7E778D137058E" decryptionKey="7059303602C4B0B3459A20F9CB631" decryption="Auto" validation="SHA1"/>
Sessions can get slightly more complicated. You can store the ASP.Net session state in the database or use a shared session provider to make it available for load balancing as well.
Here is a good article on storing session state in the DB: http://idunno.org/articles/277.aspx