An application I'm working on relies on sessionState for timeout, but there is a need to have custom banners on the login that need to occur after the timeout occurs. Is there a way to pass values or variables to the login page after a timeout?
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="60" />
I want to log a user into an ASP.NET MVC site, and the session expires very quickly, in minutes.
Authentication is done in one line of code:
authProvider.Authenticate(model.UserName, model.Password)
Then I have in Web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" name=".ASPXAUTH" timeout="300" slidingExpiration="true">
and the setting on the IIS on the server for 300 minutes.
What is the problem?
Make sure you have a sessionState timeout value that matches your forms timeout:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login"
name=".ASPXAUTH"
timeout="300"
slidingExpiration="true" />
</authentication>
<sessionState timeout="300" mode="InProc" />
</system.web>
You also need to change the Idle Time-out parameter of your Application Pool to the desired authentification timeout to avoid the Application Pool to recycle too soon and therefore lose your sessions.
This parameter can be found in:
IIS - Application Pools - Advanced Settings of the Application Pool in question.
References:
Configure Idle Time-out Settings for an Application Pool
IIS7 Application Pool Idle Time-out Settings
If you don't want to change this parameter(*), a solution is to use the StateServer mode of the Session State. This mode uses a service to store the session instead of the memory with In-Process mode. It has the advantage of not losing the session when the Application Pool is recycled. It's also very easy to configure:
<system.web>
<sessionState mode="StateServer"
stateConnectionString="tcpip=loopback:42424"
cookieless="false"
timeout="300" />
</system.web>
(*) 5 minutes is very low. The default is 20 minutes. So I advice to set it to at least the default value if using the StateServer mode.
Reference:
Session-State Modes
I'm using the following configuration on a cloud services instance in Azure for ASP.NET sessionstate in the Web.Config:
<sessionState mode="Custom" customProvider="DistributedCacheSessionStateStoreProvider">
<providers>
<add name="DistributedCacheSessionStateStoreProvider" type="Microsoft.Web.DistributedCache.DistributedCacheSessionStateStoreProvider, Microsoft.Web.DistributedCache" cacheName="default" useBlobMode="true" dataCacheClientName="default" />
</providers>
</sessionState>
And the datacacheclient's configuration:
<dataCacheClients>
<dataCacheClient name="default" isCompressionEnabled="false">
<autoDiscover isEnabled="true" identifier="InternetWebRole" />
<localCache isEnabled="true" sync="TimeoutBased" objectCount="100000" ttlValue="300" />
</dataCacheClient>
</dataCacheClients>
When I create a new deployment to Cloud Services, the process was succesfully executed. But when I login on the website, the session only lasts for 1 or 2 requests. Clicking to another page redirects me back to the login-page. The authentication of my profile is succesful, but the session is expired almost immediately. I'm using forms-authentication using the normal ASP.NET membership provider:
<authentication mode="Forms">
<forms loginUrl="/Login" timeout="120" />
</authentication>
Strange thing is that 3 or 4 hours later, the problem solves itself. I can login again and it keeps my session for two hours straight. I've kept the instance running now for the weekend and still everyting is working fine. But as soon as I delete the deployment and create a new one the problem starts all over again.
Is there anyone that recognize this issue with the same sessionstate provider?
I've solved the issue by adding a machine key to the web.config, which is the same for all cloud services instaces.
I have a problem about session in my ASP.NET Web App. When i write my username and password and clicked login button, session is abandoned.
In my web.config, i use :
sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20"
Can anyone help me ?
You shouldn't use stateConnectionString and sqlConnectionString attributes if you are going to store session in asp.net process.
Just write sessionState mode="InProc".
http://msdn.microsoft.com/en-us/library/h6bb9cz9%28v=vs.71%29.aspx
I am running an ASP.NET 2.0 application in IIS 6.0. I want session timeout to be 60 minutes rather than the default 20 minutes. I have done the following
Set <sessionState timeout="60"></sessionState>
in web.config.
Set session timeout to 60 minutes in IIS manager/Web site properties/ASP.NET configuration settings.
Set idle timeout to 60 minutes in application pool properties/performance.
I am still getting a session timeout at 20 minutes. Is there anything else I need to do?
Are you using Forms authentication?
Forms authentication uses it own value for timeout (30 min. by default). A forms authentication timeout will send the user to the login page with the session still active. This may look like the behavior your app gives when session times out making it easy to confuse one with the other.
<system.web>
<authentication mode="Forms">
<forms timeout="50"/>
</authentication>
<sessionState timeout="60" />
</system.web>
Setting the forms timeout to something less than the session timeout can give the user a window in which to log back in without losing any session data.
I don't know about web.config or IIS.
But I believe that from C# code you can do it like
Session.Timeout = 60; // 60 is number of minutes
Use the following code block in your web.config file.
Here default session time out is 80 mins.
<system.web>
<sessionState mode="InProc" cookieless="false" timeout="80" />
</system.web>
Use the following link for Session Timeout with popup alert message.
Session Timeout Example
FYI:The above examples is done with devexpress popup control so you need to customize/replace devexpress popup control with normal popup control. If your using devexpress no need to customize
In my situation, it was Application Pool. It is set to restart when idle for xx mins. When I set it to not restart, it seems to use value from Web Config.
Do you have anything in machine.config that might be taking effect? Setting the session timeout in web.config should override any settings in IIS or machine.config, however, if you have a web.config file somewhere in a subfolder in your application, that setting will override the one in the root of your application.
Also, if I remember correctly, the timeout in IIS only affects .asp pages, not .aspx. Are you sure your session code in web.config is correct? It should look something like:
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
stateNetworkTimeout="60"
sqlConnectionString="data source=127.0.0.1;Integrated Security=SSPI"
cookieless="false"
timeout="60"
/>
That is usually all that you need to do...
Are you sure that after 20 minutes, the reason that the session is being lost is from being idle though...
There are many reasons as to why the session might be cleared. You can enable event logging for IIS and can then use the event viewer to see reasons why the session was cleared...you might find that it is for other reasons perhaps?
You can also read the documentation for event messages and the associated table of events.
https://usefulaspandcsharp.wordpress.com/tag/session-timeout/
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" timeout="60" slidingExpiration="true" />
</authentication>
<sessionState mode="InProc" timeout="60" />
If you are using Authentication, I recommend adding the following in web.config file.
In my case, users are redirected to the login page upon timing out:
<authentication mode="Forms">
<forms defaultUrl="Login.aspx" timeout="120"/>
</authentication>
Since ASP.Net core 1.0 (vNext or whatever name is used for it) sessions are implemented differently.
I changed the session timeout value in Startup.cs, void ConfigureServices using:
services.AddSession(options => options.IdleTimeout = TimeSpan.FromSeconds(42));
Or if you want to use the appsettings.json file, you can do something like:
// Appsettings.json
"SessionOptions": {
"IdleTimeout": "00:30:00"
}
// Startup.cs
services.AddSession(options => options.IdleTimeout = TimeSpan.Parse(Config.GetSection("SessionOptions")["IdleTimeout"]));
You can find the setting here in IIS:
It can be found at the server level, web site level, or app level under "ASP".
I think you can set it at the web.config level here. Please confirm this for yourself.
<configuration>
<system.web>
<!-- Session Timeout in Minutes (Also in Global.asax) -->
<sessionState timeout="1440"/>
</system.web>
</configuration>
The default session timeout is defined into IIS to 20 minutes
Follow the procedures below for each site hosted on the IIS 8.5 web
Open the IIS 8.5 Manager.
Click the site name.
Select "Configuration Editor" under the "Management" section.
From the "Section:" drop-down list at the top of the configuration
editor, locate "system.web/sessionState".
Set the "timeout" to "00:20:00 or less”, using the lowest value
possible depending upon the application. Acceptable values are 5
minutes for high-value applications, 10 minutes for medium-value
applications, and 20 minutes for low-value applications.
In the "Actions" pane, click "Apply".
IIS sessions timeout value is for classic .asp applications only, this is controlled on IIS configuration.
In your case For ASP.NET apps, only the web.config-specified timeout value applies.
if you are want session timeout for website than remove
<authentication mode="Forms">
<forms timeout="50"/>
</authentication>
tag from web.config file.
The Timeout property specifies the time-out period assigned to the Session object for the application, in minutes. If the user does not refresh or request a page within the time-out period, the session ends.
IIS 6.0: The minimum allowed value is 1 minute and the maximum is
1440 minutes.
Session.Timeout = 600;
After changing the session timeout value in IIS, Kindly restart the IIS.
To achieve this go to command prompt. Type IISRESET and press enter.