Is the session state timeout setting in the web.config the same as IIS 7 idle timeout setting? If not, which one takes priority? I would like to increase users sessions to a couple of hours.
Make sure your AppPool's idle timeout is GREATER than your session timeout.
Once your AppPool times out, all session data is lost.
Idle timeout is for the application pool as a whole. It kicks in if all the applications linked to the pool have had no activity within the set time.
Session state is per session. This is specifically for a single user session. You can have many sessions occurring at any single time.
Related
We are using an ASP.NET web application, IIS 7.5 using Windows Authentication.
Anonymous, ASP.NET Impersonation, and Forms Authentication are all turned off.
Session timeout is set in the application at 120
< sessionState timeout="120" />
Application Pool idle timeout is set to 180, recycling is done each morning at 3:00 AM (lowest usage time). This does not happen in relation to updating files.
The users are logging in via Chrome or IE, and it works fine, until it doesn't.
User complain they are suddenly asked to log off after a few minutes of inactivity... sometimes. This does not happen all the time.
I have been looking at logs, events, etc and cannot find anything to let us know why this is happening.
Does anyone have any idea why this would be happening?
Make sure the idle timeout isn't set on the app pool in IIS. The default for that setting is 20 minutes (which leads to confusion over whether the timeout was triggered by session timeout or idle timeout) and in most cases can be safely set to 0, which turns it off.
To check the idle timeout in IIS, go to Advanced Settings for the app pool.
The idle timeout is a sliding window based on activity for the app, so requests from any client will reset the window. If your app is lightly used, you'll hit the timeout frequently, causing your app pool to recycle. The impact to users is that any sessions that had been active will be lost, and users walking up to your app after it has been idle will have to wait for it to run all of its start up processes.
https://technet.microsoft.com/en-us/library/cc771956(v=ws.10).aspx
I did by writing this line into web.config
<sessionState timeout="540"/>
but My client's Session Expire within 20-40 minute
is there any other way to Increase SessionTimeout for 8-9 hours ?
thanks
Perhaps you could toss something in you global.asax.cs file, to reset the expire. I'd put it in the Application_PreRequestHandlerExecute method / event.
var cookie = Request.Cookies["ASP.NET_SessionId"];
cookie.Expires = DateTime.Now.AddHours(8);
Response.Cookies.Set(cookie);
It's likely that your IIS application pool is recycling. By default it will shut down the worker process after being idle for a certain amount of time.
You could use SQL Server backed session state, or you could increase the worker process idle timeout limit.
I've made one Asp.net MVC website, and I'm very confused between the different timeout settings.
What is the difference between:
SessionState Timeout in web.config:
Application pool timeout
Asp.Net Session timeout property
Which one should I set if I want to have a timout of (say) 6 hours? All of them? Only some?
The application pool timeout is the length of time the site has to be idle for before the application pool will shut down the worker process to release resources. The downside is that when the next visitor comes to the website it takes a long time to restart things so that first request after a shutdown will be quite slow.
IIS7 Application Pool Idle Time-out Settings
The session timeout refers to the session id that a user gets on first request to the site, and when that expires.
I think the ASP one that you've included the screenshot of is for classic ASP, not ASP.NET.
So to increase the session timeout you would use the one in the config file.
There's also a Session state section when you click on the website in IIS that you could possibly use either and there's a timeout at the bottom of the page for it.
But if the value for the application pool timeout is shorter, then your session setting will be irrelevant as the worker process will shut down before the session expires. So you should also change your application pool settings.
Session Time out in IIS 7
I store some information in Session but the Session gets destroyed each time. I don't know why this is happening. I am using IIS7.
This is the setting which I have made:
<sessionState cookieless="AutoDetect" mode="InProc" timeout="120" />
I am storing some information while the user is getting registering but my client complains that when he sits idle for 20-30 minutes the information is lost. I am running application in one custom defined application pool whose idle timeout is 20 minutes (in properties of app pool). Can that be the problem?
Secondly even though I have specified timeout to be 120 minutes but when I click on "Session state" icon in IIS7 it doesn't show 120 minutes anywhere. What can be the problem?
Update: In cookie settings in "Session state" in IIS7 I see timeout as 5 minutes for Asp_NetSessionId. Can that be the culprit?
Well if your application pool is being destroyed after 20 minutes then that would be a problem considering your session is inproc. Increase the timeout of the application pool to be 120 minutes
If you store your session InProc, then every 20 minutes the application will be restarted, and all the sessions are lost.
Run the StateServer service and use
<sessionState mode="StateServer" timeout="120" />
in web.config. Then you don't care how often the app is restarted, you can even upload new version and the sessions will be kept.
Yes, When you specify an idle timeout in AppPool settings, it basically kills your worker process which in turn destroys your session.
You'll see the value under Cookie Settings tab as one of the ways to handle InProc session is via Cookies.
Already someone has raised this question in this forum regarding session timeout. Would appreciate if someone can clarify this again.
I have an asp.net 2.0 application which times out after say 15-20 minutes if user didnt do any activity and presses a button on the page(he is redirected to sessionExpired.aspx page). I have set the session timeout to 60 minutes in my web.config file but still somehow the user is timed out.
I have another question related to this regarding the Session Timeout Precedence. Does IIS session timeout take priority over ASP.NET session timeout. Say if IIS session timeout is set to 20 minutes and ASP.NET session timeout is 60 minutes, does ASP.NET override IIS session timeout.
IIS takes precedence, but they deal with slightly different scenarios.
In the case of IIS, the default 20 minutes time-out for the application pool is referring to incoming requests. If your application doesn't receive any requests at all for 20 minutes then the application pool is put to sleep to save resources. When this happens all the sessions in your application are gone.
The ASP.NET session time-out deals with per-session requests. Your site could be quite busy, but if one user (i.e. session) is not active for 20 minutes only that session is discarded.
So yes, to make sure the session stays alive for 60 minutes you have to change the time-out settings for the IIS application pool as well as web.config.
Another way of approaching this problem is to periodically send a small AJAX "ping" (i.e. a page request with a random ID to prevent browser caching) back to the server. This way, as long as the user doesn't close the browser, the session will be preserved.