Hi

I have a requirement to persist the persistent auth cookies for a long period (1 month).

I am also using quite a few session variables. Now I cannot set the session timeout to that long (it will kill the server). It is currently set to 30 mins.

Suppose the user keeps their browser window open for a day; the auth cookie won't expire but the session would, and the application won't function.

So any suggestion, workarounds or useful links for this problem?

+1  A: 

Persisting the authentication cookie is easy, and independent of the Session state:

<system.web>
  <authentication mode="Forms">
    <forms timeout="43200"/>
  </authentication>
</system.web>

The timeout is set in minutes, so:

30 (days) * 24 (hours) * 60 (minutes) = 43200 minutes

The session stuff is a bit trickier, but workable.

You really need to look at what you're actually storing in session, and whether you really need all of it all of the time. As session variables are stored on the server, to have them persist across application restarts (which defaults to 20 minutes after the last activity on the site, or 29 hours since the last app restart, and other exceptional cases) you're going to have to look at using something other than InProc sessions - either using a session server, or SqlSessions.

However, it might be that you can do something with profiles as well, so store the least used variables in a profile store, and only retrieve them when you really need to.

Otherwise, you'd want to look at ways you could rebuild the session state when a user comes back - so store some sort of known token in a persistent cookie that enables you to pick up where you left off - however the easiest way to do that is to take their username from the authentication system, and store the details in a database...

Zhaph - Ben Duguid
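
The rebuild-on-return approach from the answer's last paragraph, as an added example that is not part of the original answer: when a request arrives with a valid forms-auth ticket but a fresh 30-minute session, the session is refilled from a database keyed on the authenticated username. The `UserState` table, its columns, the `AppDb` connection string name and the session keys are hypothetical.

```csharp
// Global.asax.cs (added example; table, column and key names are hypothetical)
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web;

public class Global : HttpApplication
{
    private const string LoadedFlag = "StateLoaded";

    // Session state has been attached to the request by the time this fires.
    protected void Application_PostAcquireRequestState(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx.Session == null) return;               // handler does not use session
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated) return;
        if (ctx.Session[LoadedFlag] != null) return;   // session is still alive

        // Key the lookup on the identity taken from the validated forms-auth
        // ticket, not on a separate cookie value the browser can set freely.
        string userName = ctx.User.Identity.Name;

        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT DisplayName, LastProjectId FROM UserState WHERE UserName = @u", conn))
        {
            // Parameterized query: the username never becomes part of the SQL text.
            cmd.Parameters.AddWithValue("@u", userName);
            conn.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                if (r.Read())
                {
                    // Columns are assumed NOT NULL in this hypothetical schema.
                    ctx.Session["DisplayName"] = r.GetString(0);
                    ctx.Session["LastProjectId"] = r.GetInt32(1);
                }
            }
        }
        // Mark the session as populated so the query runs once per session.
        ctx.Session[LoadedFlag] = true;
    }
}
```

Because the session is rebuilt from server-side data, only the forms-auth cookie has to live for the full month; the session timeout can stay at 30 minutes.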