2

I want to log a user into an ASP.NET MVC site, and the session expires very quickly, in minutes. Authentication is done in one line of code:

authProvider.Authenticate(model.UserName, model.Password)

Then I have in Web.config: 

<authentication mode="Forms">
<forms loginUrl="~/Account/Login" name=".ASPXAUTH" timeout="300" slidingExpiration="true">

and the setting on the IIS on the server for 300 minutes.

What is the problem?

Improve this question
7
  • Isn't it because your sessionState timeout has a low value? Commented Feb 16, 2017 at 16:28
  • those are minutes. so it should expire in 300 minutes, but it expires in 5. Commented Feb 16, 2017 at 17:01
  • I'm not talking about the forms timeout but the sessionState timeout Commented Feb 16, 2017 at 17:10
  • 2
    What value do you have in the Idle Time-out parameter or your Application Pool? Please refer to this article and this question. Commented Feb 17, 2017 at 15:35
  • 1
    @krlzlx you are correct! the value was 5 and now changing it to 300 saves the session. This is an amazing answer that I feel must be rewarded, if you would like to answer the question. thank you! Commented Feb 17, 2017 at 22:20

1 Answer 1

Reset to default
2

Make sure you have a sessionState timeout value that matches your forms timeout:

<system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" 
         name=".ASPXAUTH"
         timeout="300"
         slidingExpiration="true" />
    </authentication>
    <sessionState timeout="300" mode="InProc" />
</system.web>

You also need to change the Idle Time-out parameter of your Application Pool to the desired authentification timeout to avoid the Application Pool to recycle too soon and therefore lose your sessions.

This parameter can be found in:

IIS - Application Pools - Advanced Settings of the Application Pool in question.

References:

If you don't want to change this parameter(*), a solution is to use the StateServer mode of the Session State. This mode uses a service to store the session instead of the memory with In-Process mode. It has the advantage of not losing the session when the Application Pool is recycled. It's also very easy to configure:

<system.web>
    <sessionState mode="StateServer"
       stateConnectionString="tcpip=loopback:42424"
       cookieless="false"
       timeout="300" />
</system.web>

(*) 5 minutes is very low. The default is 20 minutes. So I advice to set it to at least the default value if using the StateServer mode.

Reference:

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Hello, so this worked for two months. now it doesn't any more. I see there are two cookies set , one Cookies/.ASPXAUTH (expires "When the browsing session ends") and another in Local Storage / name of my website (subdomain.domain.com, but does not have any associated metadata with it? ) . what do you advise?
I advise you to try the StateServer mode of the Session State like described in the second part of my answer.
Right, I overlooked that. I have now added both and I still lose the session in around 15 minutes. Should the text inside stateConnectionString be different than "tcpip=loopback:42424"?
No, that setting should work. Did you set the timeout to 300? You can check this setting in IIS -> YourSite -> Session State -> Cookie Settings - Time-out (in minutes) should be 300.
Yes it is my webconfig is: <authentication mode="Forms"> <forms loginUrl="~/Account/Login" name=".ASPXAUTH" timeout="300" slidingExpiration="true"> <credentials passwordFormat="Clear"> <user name="1" password="1" /> </credentials> </forms> </authentication> <sessionState mode="StateServer" stateConnectionString="tcpip=loopback:42424" cookieless="false" timeout="300" /> <pages> I publish with: - delete all existing files - precompile during publish - exclude files from App_Data folder

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.