I have an MVC 2 application where the timeout is set to 2880 (minutes as I understand it, but even if it is seconds there's a problem):
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
Now this should then mean 48 hours, or at least 48 minutes (if the value is seconds). But the user is logged out after as little as a couple of minutes of inactivity...
Why is that? Any help appreciated!
Found the answer finally after a lot of Googling...
You have to set a custom machinekey in the web.config file. I used this generator:
http://aspnetresources.com/tools/machineKey
This seems to have to do something with "recycling" on the web host, which causes the user to be logged off, if I understood it correctly.
Anyway, it works fine now!
2880 is given in minutes. It will logout automatically if you add slidingExpiration="true". See example below.
<forms loginUrl="~/Account/LogOn" timeout="2880" slidingExpiration="true"/>
Related
I must be doing something wrong. I have followed instructions to set the timeout on my forms authentication app, but the app never renews the cookie and will time out about every 15mins or so.
I must be missing something that is so obvious it is not mentioned in the literature.
Here is my config info:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" defaultUrl="~/" timeout="120" slidingExpiration="true" cookieless="UseCookies" />
</authentication>
and the session state
<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="120">
...
I have tried sliding or not sliding--same time out happens.
Dumb questions: do I need something in the code behind (VB) on every page to make sure the postback renews the authentication?
If you are browsing your web application from IIS then check the check the Idle Time-Out(minutes) property under "Process Model" of application pool.
If it is 20 minutes. You should change that property value.
In web config i have set session time out even though my session is reset after 10-15 min
<sessionState mode="InProc" cookieless="UseCookies" timeout="525600"/>
<authentication mode="Forms">
<forms name="outerForms" loginUrl="~/Login.aspx" defaultUrl="Default.aspx" timeout="525599" cookieless="UseCookies"/>
</authentication>
This is what i have set in web.config. Now Value stored in session gets cleared after 10-15 min but user does not get log out.
Sorry if i sound foolish but i am new in asp.net... is it dependent on any other thing?
i am using .net version 4.0
Check your IIS ideal time Setting. By default it is 20 minutes. You need to increase this value.
I resolved this by running SQL Server agent service. Make sure that ASPState_Job_DeleteExpiredSessions job is enabled
I have been developing an ASP.NET MVC 4 (with razor) WebApp, that worked great in Debug, and even in Release on my local machine.
Now I uploaded it to the server, and while you are navigating it suddenly, from time to time closes your user session, asking for username and password again.
Any idea of why? Maybe I am losing some configuration or settings requirements, but its driving me mad.
It looks like you are confusing Session with Authentication. You probably need to enable FormsAuthentication.SlidingExpiration Property so you aren't automatically logged out.
<authentication mode="Forms">
<forms loginUrl="member_login.aspx"
name=".ASPXFORMSAUTH"
cookieless="UseCookies"
requireSSL="true"
slidingExpiration="TRUE" />
</authentication>
I think that your Session expires after 20 minutes. take a look here:
What is default session timeout in ASP.NET?
Also you'll find the solution for your problem, that is to set Session timeout..
Here is a snippet from my web.config file:
<system.web>
<sessionState timeout="1440"></sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="1440"
cookieless="UseCookies"
/>
</authentication>
I am getting sessions expiring much sooner than 1 day (within an hour or so). Are there any other IIS or ASP.NET settings that could be affecting this? (the app is not setting any timeouts from code).
I would check the application pools recycle time. This is probably the cause as I think that it defaults to something like 20 minutes.
I have my site up and running just fine using the kit.
My question is, when you click on the check box to stay logged in, is their a way to extend the amount of time that you stay logged in for. My client would like something like an hour.
Try to increase authentication/forms/timeout value in web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="60"/>
</authentication>
From MSDN:
Specifies the time, in integer minutes, after which the cookie expires. ... The default is "30" (30 minutes).
Yeah, you set this in your Forms timeout in the web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880"/>
</authentication>
Which is currently set to 48 hours (2880/60).
Change it to 60 if you'd like an hour. Although, something much longer would be more appropriate.