23

I have an MVC 2 application where the timeout is set to 2880 (minutes as I understand it, but even if it is seconds there's a problem):

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

Now this should then mean 48 hours, or at least 48 minutes (if the value is seconds). But the user is logged out after as little as a couple of minutes of inactivity...

Why is that? Any help appreciated!

Improve this question
5
  • Have you tried this with different browsers? I have seen this issue with one isolated user browsing with Firefox once. Commented Oct 22, 2010 at 8:58
  • Yes, the problem has occurred with Firefox, Chrome, IE and Safari... Commented Oct 22, 2010 at 9:24
  • This blog post talks about a similar situation; maybe the setting is being overridden somewhere in code. Commented Oct 22, 2010 at 12:53
  • Well, I checked for FormsAuthenticationTicket code, and there is a snippet, but it's in a different Controller altogether, so it shouldn't have anything to do with it... Commented Oct 23, 2010 at 21:08
  • Some more info: The logout doesn't happen when I try it on my localhost during development, only on the webhost. I've tried contacting support about it, but they don't seem to know what the problem is. They suggested adding this to my web.config: <sessionState mode="SQLServer"> </sessionState> But that didn't help at all... Commented Oct 23, 2010 at 22:21

2 Answers 2

Reset to default
32

Found the answer finally after a lot of Googling...

You have to set a custom machinekey in the web.config file. I used this generator:

http://aspnetresources.com/tools/machineKey

This seems to have to do something with "recycling" on the web host, which causes the user to be logged off, if I understood it correctly.

Anyway, it works fine now!

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Wow, this is really helpful information. Thanks a lot! I had the same issue, and it solved it.
why it is happenning?
the link is no more active, can you explain here more. Actually i am facing same issue. I have provided timeout for forms authentication as timeout="2880" slidingExpiration="true" and sessionState timeout to 1440. But still the session expires after 10-15 minutes. What can be the issue.
-3

2880 is given in minutes. It will logout automatically if you add slidingExpiration="true". See example below.

 <forms loginUrl="~/Account/LogOn" timeout="2880" slidingExpiration="true"/>
Improve this answer

1 Comment

This isn't right. It won't log out automatically. When the SlidingExpiration is set to true, the time interval during which the authentication cookie is valid is reset to the expiration Timeout property value.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.