Here is a snippet from my web.config file:
<system.web>
<sessionState timeout="1440"></sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="1440"
cookieless="UseCookies"
/>
</authentication>
I am getting sessions expiring much sooner than 1 day (within an hour or so). Are there any other IIS or ASP.NET settings that could be affecting this? (the app is not setting any timeouts from code).
I would check the application pools recycle time. This is probably the cause as I think that it defaults to something like 20 minutes.
Related
I must be doing something wrong. I have followed instructions to set the timeout on my forms authentication app, but the app never renews the cookie and will time out about every 15mins or so.
I must be missing something that is so obvious it is not mentioned in the literature.
Here is my config info:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" defaultUrl="~/" timeout="120" slidingExpiration="true" cookieless="UseCookies" />
</authentication>
and the session state
<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="120">
...
I have tried sliding or not sliding--same time out happens.
Dumb questions: do I need something in the code behind (VB) on every page to make sure the postback renews the authentication?
If you are browsing your web application from IIS then check the check the Idle Time-Out(minutes) property under "Process Model" of application pool.
If it is 20 minutes. You should change that property value.
I am working on a web application based project in this application i want if a user remains idle for continuous 10 minutes then he will automatically logged out from the application.
for this i have tried this code in the web.config but this isn't working.
<sessionState mode="InProc" cookieless="false" timeout="2"></sessionState>
Suggest me some other possible way how can i do this in my application?
Use should set timeout for forms authentication.
Notice that session timeout should be longer: ~ 2 * formsTimeout
<authentication mode="Forms">
<forms loginUrl="~/login" timeout="2" name=".yourAuthCookieName" />
</authentication>
<sessionState mode="InProc" cookieless="false" timeout="4"></sessionState>
Do like this
<configuration>
<system.web>
sessionState mode="InProc" timeout="120" />
</system.web>
</configuration>
and Find here more about setting session timeout in application pool
http://technet.microsoft.com/en-us/library/cc771956%28v=ws.10%29.aspx
I'm using forms authentication in my ASP.NET MVC 4 application. I have configured the timeout settings as below in my web.config.
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
Since I'm using a shared hosting environment, I can not change the IIS settings for timeout.
Currently it seems that this timeout is not working and it occurs after 15-20 mins of idle time.
are there any settings to force the timeout to take the value in web.config?
Explicitly adding the machine key to the web.config solved the issue.
http://aspnetresources.com/tools/machineKey
After moving over to the new platform the site is logging people out after a time of inactivity. This never used to happen and I wish to set the timeout to a larger value. I've changed some settings to no effect and even in code the session.timeout is set to 1440.
Any ideas where I can find another setting for it or where I might start with this problem.
Thanks
The app pool was recycling as the worker process was set to expire after 20 minutes of inactivity.
Have a look at IIS session information here: HttpSessionState.Timeout Property
<configuration>
<system.web>
<sessionState
mode="InProc"
cookieless="true"
timeout="30" />
</system.web>
</configuration>
You can add this section to your web.config in your website root dir for authentication:
<system.web>
<authentication mode="Forms">
<forms timeout="1440" slidingExpiration="true"/>
</authentication>
</system.web>
Assuming that you're using Forms authentication.
And this for session timeout:
<system.web>
<sessionState timeout="1440"/>
<system.web>
I have my site up and running just fine using the kit.
My question is, when you click on the check box to stay logged in, is their a way to extend the amount of time that you stay logged in for. My client would like something like an hour.
Try to increase authentication/forms/timeout value in web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="60"/>
</authentication>
From MSDN:
Specifies the time, in integer minutes, after which the cookie expires. ... The default is "30" (30 minutes).
Yeah, you set this in your Forms timeout in the web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880"/>
</authentication>
Which is currently set to 48 hours (2880/60).
Change it to 60 if you'd like an hour. Although, something much longer would be more appropriate.