How to force a 20 minute time-out for sessions? - asp.net

I'm very confused when it comes to what actually decides the session time-out.
The web app needs to allow for a 20 minute "idle time" before logging (or throwing) users out. I've tried different setting on both sessionState and Recycle worker processes in IIS. The time-out remains too short and, as far as my quit-n-dirty, primitive tests have shown, a bit random.
I read somewhere that the default time-out is 20 minutes, but in my app it appears to be closer to five. Are there any easy ways to change this? The app is running .NET 3.5 on IIS 6.
EDIT:
I just realized that the Entity Framework might have something to do with the problem, as the user content is held as a context in the entity framework. Is there any time limit for how long an entity is held?

The user will be logged out based on your Authentication settings in the web.config.
The Session timout will be set in your session tag in the web.config.
If they are different then you will see "interesting" results.

http://msdn.microsoft.com/en-us/library/ms972429.aspx
If you look in the web.config you can write some thing like this
<configuration>
<sessionstate timeout="20" />
</configuration>
and there you can set you timeout..

Use the sessionstate timeout. You do not want to use Recycle Worker, as this will recycle all sessions associated with that worker, every N minutes. It's a good idea to set Recycle Worker to a very high value if you are using the session variable.

Related

ASP.NET Session Timeout not effective unless cookieless=true

I am trying to make the session timeout in my application configurable.
When I put the following code in my web.config file it works fine:
<sessionState cookieless="true" timeout="1" />
That is, I can see my session times out after 1 minute. However, this code has the side effect of putting the session id in the url which is not desirable.
On the other hand, if I use the following code in my web.config, the session does not timeout for at least 1 hour or longer:
<sessionState cookieless="false" timeout="1" />
To determine that the session is in fact timing out, I am using the following code in my _Layout.cshtml:
#if (Session[MvcApplication._Ssn_UserName] == null)
{
Response.Redirect("~/Login/Index");
}
When the timeout is working, I see the user redirected to my Login page anytime they navigate to a different page or just hit the refresh button in the browser.
I see the same behavior when running from Visual Studio (IIS Express) or when running on IIS.
I've done a lot of searching online, and haven't discovered any correlation between the cookieless setting and the timeout behavior. Any ideas would be appreciated.
Try to use the iis session state setting as suggested below:
1)open iis and select your site.
2)select the session state feature
3)set the mode and cookie setting as per your choice:
session timeout value should not be set higher than 20 minutes (except in special cases) because every open session is holding onto memory. It should also not be set lower than 4 minutes because clients rarely respond within that time resulting in a loss of session state.so try to set like 5 minutes or more.
make sure there is no other session time out setting which conflicts with this setting like global.asax file setting or code-behind time out setting.
try to set the iis application pool ideal time out setting the same as session Tim out setting.
go to the Application Pool of the website --> go to advanced settings --> Process Model --> and change Idle Time-out

Session time out setting in ASP.Net

I have set session time out to 9 hours in web.config file something like this:
“<sessionState mode="InProc" timeout="540" />
But often users complain that they are facing time out in less than 9 hours of inactivity and the time interval after they are timed out also varies.
I was wondering if session time out is dependent on any of the below settings in IIS:
Session time setting
Idle- time out setting for Application pool
Recycling setting.
Please advise.
Also, how do I check session time out setting in IIS 7.0?
The session will be lost when the ApplicationPool recycles. That's one of the IIS settings that you mentioned. To set only the timeout in the web.config will not be enough. You need to adjust the setting in IIS.
Here is a link I found while I was looking into the same problem.
Also, this question was very useful: Losing Session State
If you are using Forms authentication you should make sure your FormAuthentication Cookie is set to expire at the same time as your Session.
If not make sure your IIS is not getting recycled. ( put a logger in your Global.asax to verify the application end events compared to your users complaints.)
It is not enough to set session time out in your web config. If the server on which your site is hosted is having less time out value set in IIS setting, your session is time out according to the server session time out value.
also if you are deleting any folder from the server directory, this can also cause your AppPool to recycle unexpectedly.
so please check the server session time out value and if it less then ask your hosting to increase it as per your requirement.

IIS 7.0 Session expiring ASP.net

This is the syntax am using in web.config.
But my session get expire within 10 to 15 minutes not staying upto 2 hrs.
<sessionState cookieless="UseCookies" cookieName="ASP.NET_SessionId180"
mode="InProc" timeout="120" />
One possible cause is that the application domain gets recycled by IIS. And since you are using InProc session state the whole memory of the AppDomain gets wiped out. IIS could recycle the AppDomain under different circumstances: certain period of inactivity or CPU/memory threshold limits are reached.
You can read more about this in the following blog post.
The "worker" is most likely the one who causes your problem. If it recycle it will reset the session if its idle long enough.
Check your IIS AppPool setting and increase the idle timeout setting.
As you use the InProc session state, it's possible that the pool is recycled due to some actions: modifying web.config, copying files to the bin folder,...
Check also the recycling parameters of the pool.
You can try to use the StateServer option for your session. To do this, you need to start the ASP.NET state service and check that your objects are marked as serializable.

How to increase the timeout to a web service request?

I have an ASP.NET web application that I can't modify (I only have the binaries). This application connects to a web service and it seems like the connection is closed from the client side (my web app). I have increased the "executionTimeout" in the machine.config of the destination server but my web app seems to still stop after waiting for a while.
Is there a way to increase the timeout time for my web application by simply modifying the web.config? As I said... I can't modify the timeout in the code so my only option would be through config files.
Thanks!
Try if this would work for you.
Firstly, you need to increase the timeout of the executionTimeout attribute of the httpRuntime element. Note that this is mentioned in Seconds unlike the other timeout attributes like the Session timeout and others.
<httpRuntime
executionTimeout="36000"
And moreover, this attribute takes effect only when you set the debug attribute of the Compilation element to false. This is also specified in the MSDN link that you mentioned. Like,
<compilation
debug="false"
../>
But this works in conjunction with the Session timeout. Yes, if the session times out , then an error would be thrown. and it wouldn't wait for the executionTimeout value to take effect. so you also need to set the Session Timeout to a higher value. And note that this is in minutes. which would look like,
<sessionState
mode="InProc"
timeout="360"
...
/>
And note that all of this would be overriden by AppPool recycling process. so you need to set the Idle Timeout value of the Apppool that your website uses to atleast same / higher value than the session timeout.
I found it here http://www.eggheadcafe.com/community/aspnet/17/10111748/how-can-we-increase-the-t.aspx
The default timeout of web application is 90 seconds which is usually more than enough for general purpose use. It is important to note where the timeout is coming from. Is it from the page itself or something in the page that is causing it. In either case, it would appear that the "the page" is timing out.
I stumbled upon this question as my page was timing out too. Found out the exception was coming from SQL (read the the actual error) so it was really SQL problem. Once I knew it, I could easily fix it.
In web.config file
<binding name="endpointname" sendTimeout="00:3:00" />
This will update timeout property to 3 minutes

What is killing my users' Asp.net session?

We are having an intermittent problem with some users losing session. Our session settings in the web.config are as follows:
<sessionState mode="InProc" timeout="1440"/>
...which should be 24 hours (a value deliberately set over the top during testing).
Are there any other settings (maybe in IIS7) that I need to be aware of? Or are there any resources that will list the things that could kill a user's session?
Let me know if you need more information.
Thanks!
Dave
Changing the web.config file, or any of the dlls will cause the session to be destroyed, as will the recycling of app pools (this is usually set to a timeout of 20 mins of inactivity, but will also occur under certain exception conditions and possibly memory conditions)
Check Application Pool settings. There are several things there that can interfere with this:
Process recycling settings;
Several processes (then each would be keeping its own session stash);
Changing web.config or other web related files recycles the process immediately.
Anything that recycles the application pool will kill InProc session state.
Check the properties on the application pool by default there are several settings which may cause the pool to recycle in less then 24 hours.
Typically when testing there is little activity on the site and you fall foul of the pool idle timeout.
Thanks for all the replies, it seems it was because the App Pool was set to recycle at 3am and some of the users were just leaving themselves logged in over night and then just carrying on in the morning! We've added better session timeout handling now.
Thanks again!

Resources