4

In my web.config file I tried Session.Timeout="1" and found working. Later I tried Session.Timeout="20160". Even if I give such a large number my website "Session Transfers" are being expired in 15-20mins. Do I need to change any settings in IIS? I am using windows 2003 server.

Improve this question
6
  • Are you using Forms Authentication for your pages by any chance? Commented Jul 6, 2011 at 12:42
  • Not sure but I think yes. Its default IIS provided with windows 2003 server. Commented Jul 6, 2011 at 12:43
  • Is the website shutting down? Session timeout won't stop your websites app domain being shut down by IIS if the website is inactive. Try logging the Application_End event in Global.asax. You can increase the idle timeout in the IIS configuration for the site. Commented Jul 6, 2011 at 12:45
  • 1
    I am sending a code from one page to another for authentication. This code is currently stored as session. When I reload page instantly there is no problem. If I reload page after 20 mins page is being redirected to login page. i.e. there is no more session code present over the page. Commented Jul 6, 2011 at 12:50
  • If it's exactly 20 mins then this is also the default idle timeout - so if your site is idle for that 20 mins then increase the idle timeout in the iis settings. Commented Jul 6, 2011 at 13:00

4 Answers 4

Reset to default
2

define in the web configuration file:

<sessionstate 
      mode="inproc"
       cookieless="false" 
      timeout="20" 
     />
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

check this :

http://forums.asp.net/t/1283350.aspx

Improve this answer

1 Comment

I configured my server with these settings before a month but instead to change values for 20 to 14400 I disabled the check box and saved settings. Hope this will be optimized to the maximum time.
0

define in here in web.config file:

 <system.web>
     <authentication mode="Forms">
         <forms timeout="50" />
     </authentication>
 </system.web>
Improve this answer

5 Comments

What about declaration in <sessionState cookieless="false" timeout="1440" />
In that case, I post a new question to know what is their difference?
cookieless sessions can easily be hijacked, so try and avoid. the following article outlines the problems. troyhunt.com/2010/07/…
@Nick - But its cookieless="false" na?
@kars, just wanted to point out its important to avoid cookieless sessions.
0

Seems like session timeout has a max of 24 hours. Check this out http://support.microsoft.com/kb/233477

Set it to 24 hours or less and you will be fine.

Also explained here: http://msdn.microsoft.com/en-us/library/ms525473(v=vs.90).aspx

IIS 6.0: The minimum allowed value is 1 minute and the maximum is 1440 minutes.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.