Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Session times out in less time than I set

Reply
Thread Tools

Session times out in less time than I set

 
 
gnewsgroup
Guest
Posts: n/a
 
      04-18-2008
I am using forms authentication for my web application.

In web.config, I have this:

<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
timeout="120"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="Default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"/>
</authentication>

And in my Login.aspx.cs, I have this:

FormsAuthenticationTicket ticket =
new FormsAuthenticationTicket(1, username, DateTime.Now,
DateTime.Now.AddMinutes(120), false, "userdata");
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie =
new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
Response.Cookies.Add(cookie);
Response.Redirect(FormsAuthentication.GetRedirectU rl(username,
false));

I ran my web app, log in, let it idle for 1 hour 40 minutes, then I
click on something, but was logged out. It's not 2 hours yet.

What do you think is causing the problem? Thank you.
 
Reply With Quote
 
 
 
 
bruce barker
Guest
Posts: n/a
 
      04-18-2008
asp.net has an application idle (shutdownTimeout) setting defaulted to 30
minues. if noone hits the site and you use inproc sessions, then they will be
lost at the thirty minute mark.


-- bruce (sqlwork.com)


"gnewsgroup" wrote:

> I am using forms authentication for my web application.
>
> In web.config, I have this:
>
> <authentication mode="Forms">
> <forms loginUrl="Login.aspx"
> protection="All"
> timeout="120"
> name=".ASPXAUTH"
> path="/"
> requireSSL="false"
> slidingExpiration="true"
> defaultUrl="Default.aspx"
> cookieless="UseDeviceProfile"
> enableCrossAppRedirects="false"/>
> </authentication>
>
> And in my Login.aspx.cs, I have this:
>
> FormsAuthenticationTicket ticket =
> new FormsAuthenticationTicket(1, username, DateTime.Now,
> DateTime.Now.AddMinutes(120), false, "userdata");
> string encryptedTicket = FormsAuthentication.Encrypt(ticket);
> HttpCookie cookie =
> new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
> Response.Cookies.Add(cookie);
> Response.Redirect(FormsAuthentication.GetRedirectU rl(username,
> false));
>
> I ran my web app, log in, let it idle for 1 hour 40 minutes, then I
> click on something, but was logged out. It's not 2 hours yet.
>
> What do you think is causing the problem? Thank you.
>

 
Reply With Quote
 
 
 
 
gnewsgroup
Guest
Posts: n/a
 
      04-18-2008
On Apr 18, 3:47 pm, bruce barker
<(E-Mail Removed)> wrote:
> asp.net has an application idle (shutdownTimeout) setting defaulted to 30
> minues. if noone hits the site and you use inproc sessions, then they will be
> lost at the thirty minute mark.
>
> -- bruce (sqlwork.com)
>


Ha, very interesting. Yes, I use inproc mode. Is this 30 min default
changeable in web.config or machine.config? Also, if this documented
by MSDN? Can I get a reference to the doc? Thank you very much.
 
Reply With Quote
 
gnewsgroup
Guest
Posts: n/a
 
      04-24-2008
On Apr 18, 3:47 pm, bruce barker
<(E-Mail Removed)> wrote:
> asp.net has an application idle (shutdownTimeout) setting defaulted to 30
> minues. if noone hits the site and you use inproc sessions, then they will be
> lost at the thirty minute mark.
>
> -- bruce (sqlwork.com)
>


I have been trying hard to find any documentation about this, but
could not find any.
I've tried InProc mode, and since the result does not seem to be
reliable, then I tried using SQLServer mode.

But, still a session can be lost shorter than the timeout I set in
web.config.

Please be advised, that when I tested it, I tried not to touch any
file in my web application.

Any idea why this happens? And is there a way to keep a session alive
for 2 to 3 hours even if no one is using the web application?

Please share your wisdom and thank you very much.
 
Reply With Quote
 
gnewsgroup
Guest
Posts: n/a
 
      04-25-2008
On Apr 24, 6:13 pm, gnewsgroup <(E-Mail Removed)> wrote:
> On Apr 18, 3:47 pm, bruce barker
>
> <(E-Mail Removed)> wrote:
> > asp.net has an application idle (shutdownTimeout) setting defaulted to 30
> > minues. if noone hits the site and you use inproc sessions, then they will be
> > lost at the thirty minute mark.

>
> > -- bruce (sqlwork.com)

>
> I have been trying hard to find any documentation about this, but
> could not find any.
> I've tried InProc mode, and since the result does not seem to be
> reliable, then I tried using SQLServer mode.
>
> But, still a session can be lost shorter than the timeout I set in
> web.config.
>
> Please be advised, that when I tested it, I tried not to touch any
> file in my web application.
>
> Any idea why this happens? And is there a way to keep a session alive
> for 2 to 3 hours even if no one is using the web application?
>
> Please share your wisdom and thank you very much.


Anyone out there has a clue? I feel helpless with the session
timeout.

It looks like if the timeout value I set for Forms Authentication and
sessionState in web.config is smaller than 30 minutes, the system
honors the timeout setting

But if I set the value to be much bigger, then whether I use InProc or
SQLServer, my session always timeout 30 minutes or so.

Any idea how I can keep the session alive for 2 to 3 hours?

Thank you.
 
Reply With Quote
 
gnewsgroup
Guest
Posts: n/a
 
      04-25-2008
On Apr 25, 11:53 am, gnewsgroup <(E-Mail Removed)> wrote:
> On Apr 24, 6:13 pm, gnewsgroup <(E-Mail Removed)> wrote:
>
>
>
> > On Apr 18, 3:47 pm, bruce barker

>
> > <(E-Mail Removed)> wrote:
> > > asp.net has an application idle (shutdownTimeout) setting defaulted to 30
> > > minues. if noone hits the site and you use inproc sessions, then they will be
> > > lost at the thirty minute mark.

>
> > > -- bruce (sqlwork.com)

>
> > I have been trying hard to find any documentation about this, but
> > could not find any.
> > I've tried InProc mode, and since the result does not seem to be
> > reliable, then I tried using SQLServer mode.

>
> > But, still a session can be lost shorter than the timeout I set in
> > web.config.

>
> > Please be advised, that when I tested it, I tried not to touch any
> > file in my web application.

>
> > Any idea why this happens? And is there a way to keep a session alive
> > for 2 to 3 hours even if no one is using the web application?

>
> > Please share your wisdom and thank you very much.

>
> Anyone out there has a clue? I feel helpless with the session
> timeout.
>
> It looks like if the timeout value I set for Forms Authentication and
> sessionState in web.config is smaller than 30 minutes, the system
> honors the timeout setting
>
> But if I set the value to be much bigger, then whether I use InProc or
> SQLServer, my session always timeout 30 minutes or so.
>
> Any idea how I can keep the session alive for 2 to 3 hours?
>
> Thank you.


Does it help to change the timeout values in processModel element?
 
Reply With Quote
 
gnewsgroup
Guest
Posts: n/a
 
      04-25-2008
On Apr 25, 12:55 pm, gnewsgroup <(E-Mail Removed)> wrote:
> On Apr 25, 11:53 am, gnewsgroup <(E-Mail Removed)> wrote:
>
>
>
> > On Apr 24, 6:13 pm, gnewsgroup <(E-Mail Removed)> wrote:

>
> > > On Apr 18, 3:47 pm, bruce barker

>
> > > <(E-Mail Removed)> wrote:
> > > > asp.net has an application idle (shutdownTimeout) setting defaulted to 30
> > > > minues. if noone hits the site and you use inproc sessions, then they will be
> > > > lost at the thirty minute mark.

>
> > > > -- bruce (sqlwork.com)

>
> > > I have been trying hard to find any documentation about this, but
> > > could not find any.
> > > I've tried InProc mode, and since the result does not seem to be
> > > reliable, then I tried using SQLServer mode.

>
> > > But, still a session can be lost shorter than the timeout I set in
> > > web.config.

>
> > > Please be advised, that when I tested it, I tried not to touch any
> > > file in my web application.

>
> > > Any idea why this happens? And is there a way to keep a session alive
> > > for 2 to 3 hours even if no one is using the web application?

>
> > > Please share your wisdom and thank you very much.

>
> > Anyone out there has a clue? I feel helpless with the session
> > timeout.

>
> > It looks like if the timeout value I set for Forms Authentication and
> > sessionState in web.config is smaller than 30 minutes, the system
> > honors the timeout setting

>
> > But if I set the value to be much bigger, then whether I use InProc or
> > SQLServer, my session always timeout 30 minutes or so.

>
> > Any idea how I can keep the session alive for 2 to 3 hours?

>
> > Thank you.

>
> Does it help to change the timeout values in processModel element?


Hmm, looks like no one has a clue about this issue. I have been
testing this session timeout like crazy, and I am not getting
predictable, consistent results.

You guys never have any issue with session timeout? Our client would
like to keep a session alive for at least 2 hours, and it seems that
we cannot make this happen. It always timeout 30 minutes or so, no
matter what I try.

I've tried InProc, I've tried SqlServer state modes. I've modified
the processModel element of machine.config like so:

<processModel enable="true" idleTimeout="120" shutdownTimeout="120"
timeout="120" autoConfig="false" />

None of these helped.

I am using forms authentication, and I always set the same value for
forms authentication timeout and session timeout in web.config.

Ok, does any guru have a clue? Any hint is highly appreciated.
 
Reply With Quote
 
gnewsgroup
Guest
Posts: n/a
 
      05-01-2008
On Apr 25, 5:44 pm, gnewsgroup <(E-Mail Removed)> wrote:
> On Apr 25, 12:55 pm, gnewsgroup <(E-Mail Removed)> wrote:
>
>
>
> > On Apr 25, 11:53 am, gnewsgroup <(E-Mail Removed)> wrote:

>
> > > On Apr 24, 6:13 pm, gnewsgroup <(E-Mail Removed)> wrote:

>
> > > > On Apr 18, 3:47 pm, bruce barker

>
> > > > <(E-Mail Removed)> wrote:
> > > > > asp.net has an application idle (shutdownTimeout) setting defaulted to 30
> > > > > minues. if noone hits the site and you use inproc sessions, then they will be
> > > > > lost at the thirty minute mark.

>
> > > > > -- bruce (sqlwork.com)

>
> > > > I have been trying hard to find any documentation about this, but
> > > > could not find any.
> > > > I've tried InProc mode, and since the result does not seem to be
> > > > reliable, then I tried using SQLServer mode.

>
> > > > But, still asessioncan be lost shorter than thetimeoutIsetin
> > > > web.config.

>
> > > > Please be advised, that when I tested it, I tried not to touch any
> > > > file in my web application.

>
> > > > Any idea why this happens? And is there a way to keep asessionalive
> > > > for 2 to 3 hours even if no one is using the web application?

>
> > > > Please share your wisdom and thank you very much.

>
> > > Anyone out there has a clue? I feel helpless with thesession
> > >timeout.

>
> > > It looks like if thetimeoutvalue Isetfor Forms Authentication and
> > > sessionState in web.config is smaller than 30 minutes, the system
> > > honors thetimeoutsetting

>
> > > But if Isetthe value to be much bigger, then whether I use InProc or
> > > SQLServer, mysessionalwaystimeout30 minutes or so.

>
> > > Any idea how I can keep thesessionalive for 2 to 3 hours?

>
> > > Thank you.

>
> > Does it help to change thetimeoutvalues in processModel element?

>
> Hmm, looks like no one has a clue about this issue. I have been
> testing thissessiontimeoutlike crazy, and I am not getting
> predictable, consistent results.
>
> You guys never have any issue withsessiontimeout? Our client would
> like to keep asessionalive for at least 2 hours, and it seems that
> we cannot make this happen. It alwaystimeout30 minutes or so, no
> matter what I try.
>
> I've tried InProc, I've tried SqlServer state modes. I've modified
> the processModel element of machine.config like so:
>
> <processModel enable="true" idleTimeout="120" shutdownTimeout="120"timeout="120" autoConfig="false" />
>
> None of these helped.
>
> I am using forms authentication, and I alwayssetthe same value for
> forms authenticationtimeoutandsessiontimeoutin web.config.
>
> Ok, does any guru have a clue? Any hint is highly appreciated.


OK, it seems that the session timeout setting in my web.config works
fine on my development machine. But on my client's production server,
session always timeout in 20 minutes. I gave it a few tests, at 19
minutes, it is alive, but at 21 minutes, it is dead. However, I am
using the same web.config. Any idea what might be giving me this
trouble on the production server? Thank you.
 
Reply With Quote
 
David A. Rodriguez
Guest
Posts: n/a
 
      05-02-2008
I cannot remember at the top of my head but will try to find for you
tommorow, but I believe you can set the session time outs in IIS in the
properties of the website. I will try to look for that for you
tommorow. I am not at work is why.

On 2008-05-01 10:07:42 -0500, gnewsgroup <(E-Mail Removed)> said:

> On Apr 25, 5:44 pm, gnewsgroup <(E-Mail Removed)> wrote:
>> On Apr 25, 12:55 pm, gnewsgroup <(E-Mail Removed)> wrote:
>>
>>
>>
>>> On Apr 25, 11:53 am, gnewsgroup <(E-Mail Removed)> wrote:

>>
>>>> On Apr 24, 6:13 pm, gnewsgroup <(E-Mail Removed)> wrote:

>>
>>>>> On Apr 18, 3:47 pm, bruce barker

>>
>>>>> <(E-Mail Removed)> wrote:
>>>>>> asp.net has an application idle (shutdownTimeout) setting defaulted to 30
>>>>>> minues. if noone hits the site and you use inproc sessions, then they will be
>>>>>> lost at the thirty minute mark.

>>
>>>>>> -- bruce (sqlwork.com)

>>
>>>>> I have been trying hard to find any documentation about this, but
>>>>> could not find any.
>>>>> I've tried InProc mode, and since the result does not seem to be
>>>>> reliable, then I tried using SQLServer mode.

>>
>>>>> But, still asessioncan be lost shorter than thetimeoutIsetin
>>>>> web.config.

>>
>>>>> Please be advised, that when I tested it, I tried not to touch any
>>>>> file in my web application.

>>
>>>>> Any idea why this happens? And is there a way to keep asessionalive
>>>>> for 2 to 3 hours even if no one is using the web application?

>>
>>>>> Please share your wisdom and thank you very much.

>>
>>>> Anyone out there has a clue? I feel helpless with thesession
>>>> timeout.

>>
>>>> It looks like if thetimeoutvalue Isetfor Forms Authentication and
>>>> sessionState in web.config is smaller than 30 minutes, the system
>>>> honors thetimeoutsetting

>>
>>>> But if Isetthe value to be much bigger, then whether I use InProc or
>>>> SQLServer, mysessionalwaystimeout30 minutes or so.

>>
>>>> Any idea how I can keep thesessionalive for 2 to 3 hours?

>>
>>>> Thank you.

>>
>>> Does it help to change thetimeoutvalues in processModel element?

>>
>> Hmm, looks like no one has a clue about this issue. I have been
>> testing thissessiontimeoutlike crazy, and I am not getting
>> predictable, consistent results.
>>
>> You guys never have any issue withsessiontimeout? Our client would
>> like to keep asessionalive for at least 2 hours, and it seems that
>> we cannot make this happen. It alwaystimeout30 minutes or so, no
>> matter what I try.
>>
>> I've tried InProc, I've tried SqlServer state modes. I've modified
>> the processModel element of machine.config like so:
>>
>> <processModel enable="true" idleTimeout="120"
>> shutdownTimeout="120"timeout="120" autoConfig="false" />
>>
>> None of these helped.
>>
>> I am using forms authentication, and I alwayssetthe same value for
>> forms authenticationtimeoutandsessiontimeoutin web.config.
>>
>> Ok, does any guru have a clue? Any hint is highly appreciated.

>
> OK, it seems that the session timeout setting in my web.config works
> fine on my development machine. But on my client's production server,
> session always timeout in 20 minutes. I gave it a few tests, at 19
> minutes, it is alive, but at 21 minutes, it is dead. However, I am
> using the same web.config. Any idea what might be giving me this
> trouble on the production server? Thank you.



 
Reply With Quote
 
gnewsgroup
Guest
Posts: n/a
 
      05-02-2008
On May 2, 2:05 am, David A. Rodriguez <(E-Mail Removed)> wrote:
> I cannot remember at the top of my head but will try to find for you
> tommorow, but I believe you can set the session time outs in IIS in the
> properties of the website. I will try to look for that for you
> tommorow. I am not at work is why.
>


Thank you. I know that we can set the session timeout with the IIS
control panel. But some gurus on this board told me that that one is
only meant for classic ASP. My web application is .net 2.0.

Well, with IIS control panel, we do have the ability to set the
timeout for .net web application as well, but Juan Libre told me that
it'll be overriden by whatever value I set in web.config anyway.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Anyone want to bet that C++ won't be 10 times less significant in 5 years than it is today? Jo C++ 6 11-21-2011 05:53 PM
str.Template 4 times slower than calling replace multiple times Jack Steven Python 2 03-09-2009 05:38 AM
form authentication time out less then what is set in web.config =?Utf-8?B?QmVuIFM=?= ASP .Net 1 10-04-2004 11:55 PM
Does session cookie persist when after session times out? =?Utf-8?B?RWFybCBUZWlncm9i?= ASP .Net 2 07-28-2004 06:42 PM
Time on Update is exactly 3 hours less than time entered Ray Wood ASP .Net Web Services 0 07-17-2003 02:06 PM



Advertisments