How to set session timeout more than 20 min.?

Question

I have a problem in my project. There is an admin panel in my website. People can login with a username and password can edit website content. Sometimes a user can take up to 30-40 minutes to enter content, but the session timeout expires after only 20 minutes.

I tried to configure this in the web.config, for example:

<authentication mode="Windows"/>
<sessionState timeout="60" />

and like this:

<system.web>
    <sessionState timeout="60"></sessionState>
</system.web>

and also tried in my form like that:

if (ds.Tables["LOG"].Rows.Count > 0)           
{
    Session["IsLoggedIn"] = "true";        
    Session.Timeout = 60;            
    Response.Redirect("Default.aspx");       
}        
else       
{                
    Label1.Text = "Username/Password is wrong!!";    
}

None of the solutions above worked. I tried each separately and together, but the session still expires after 20 minutes.

Answer 1

Are you sure thats the session that is timing out? It can also be caused by your authentication timing out (i.e. the authentication cookie is set to expire after 20 minutes). Make sure that both session timeout and authentication timeout are set to the same value.

Answer 2

Another hint is to have a look at your IIS settings. When i had to change my timeouts I had to make some server side changes as well. Check the Idle Time-out setting for the application pool. If the site goes idle (i think default of 5 min) then the application pool shuts down to save server resources. This will kill a session as well.

Try increasing the Idle Time-out for the application pool to see if this helps at all.

IIS » Directory » Config » Options AND AppPool » Properties

Obviously if you are in a shared hosting environment you will most likely not be able to adjust this.

Answer 3

When you use the default session state mode of "InProc" (In Process), as you are, the Session State data is very fragile and is lost whenever the AppPool recycles.

Consider using the other built-in session state modes, which run out-of-process and are therefore immune to the AppPool recycling. These are the "StateServer" mode (runs in memory in a separate process) and "SqlServer" mode (state data stored in SQL Server DB).

You will want to use one of these out-of-process session state modes in order to give your session data more robustness, especially if you require longer session timeouts. This doesn't answer your question of why your session times out prematurely, but it will be part of the solution.

The various session state modes all have their strengths and weaknesses in terms of robustness, memory requirements, scalability and performance, so you need to become familiar with them in order to identify the right choice for your application.

As a side note, always consider whether your data needs to go into the session at all. Its generally better to use ViewState when the data is required between postbacks on the same page, provided the amount of data is not too excessive. It is entirely possible to develop ASP.NET applications that don't use Session at all, or use it very sparingly, and generally I find things work a lot more intuitively when you don't use Session eg. the browser Back button. Your DB is there to persist your data, so don't be shy about using it. If you are passing tables or datasets between pages using Session, consider whether you really need to. Could you pass parameters via the query string and then use the parameters to fetch the data from your DB when the page is requested?

Refer : MSDN Session State Modes