0

application:

-.net MVC 3 / c# / SQL Server 2008

issue:

  • after leaving the application unattended for nor more than 5 minutues have to log in again.
  • sometimes even while working inside the application I will click in some place and it brings me back to the login screen.
  • no error pop up of any sort comes up, just have to log in again.

I know there are some threads about this post but I wanted to add the code I am currently using in my web.config file. I tried to add the session timeout tag inside but issue persists.

I am not pasting all code but I am adding the code I think its relevant to this issue, please let me know if I am missing something else.

this is what I added:

<sessionState mode="InProc" timeout="200000"/>
         <customErrors mode="Off"/>

<authentication mode="Forms">
      <forms loginUrl="Login/Login">
      </forms>
    </authentication>

    <authorization>
      <deny users="?" />
    </authorization>

is there something else I am missing. I feel that after adding teh sesstionstate line nothing has changed. From what I understand without the sessionstate line the default is 30 mins, but I am getting kicked out before this time.

also I have seen some sesstionstate setup with more than the line I added so not sure if I am missing something there.

Thanks for any suggestion.

Improve this question

2 Answers 2

Reset to default
1

In ASP.NET, session timeout and forms authentication ticket timeout are separate concepts. The values are stored in different cookies and are not related. For increasing the timeout, please see KB910443 and try modifying the <authentication> tag of your web.config like this:

<authentication mode="Forms">
  <forms loginUrl="Login/Login" timeout="200000" slidingExpiration="true">
  </forms>
</authentication>
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

so basically take this whole line out? '<sessionState mode="InProc" timeout="200000"/>' and modify the authentication mode part?
also I keep on getting conflicted information is the timeout based on seconds or minutes?
No, only update the authentication tag like that. (Modified my answer.) According to MSDN, both timeouts are in minutes: msdn.microsoft.com/library/h6bb9cz9.aspx and msdn.microsoft.com/library/1d3t3c61.aspx
just thought I would write what I ended up doing. I changed my sessionstate to StateServe as recommended by the hosting company. I have found now that the timeout is not the main issue but shared hosting makes a difference. With my current server they allow a max of 500MB ram for my account and I think this might not be enough so anytime server is maxed out the user gets kicked out to the main login page. So make sure to check with host about limitations/max for sharing accounts.
0

Have you instantiated the auth ticket yourself? then check the timeout there.

Also, you can check whether your using jQuery idle timeout.

Improve this answer

1 Comment

forgot to mention I am still in developement mode so my dev and myself for testing are using the same username coudl this be an issue?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.