I am using cookieless sessions & forms authentication. The session is only used to store 1-3 int32 values. Session timeout in the web.config is set to 120 mins. Now that the application is receiving more traffic, users are reporting that the sessions seem to time out closer to 25 mins.

If the session expires while a user is typing something into a form, all their data is cleared when they post the form because ASP.NET redirects them to a URL with the new session ID. The forms ticket is expiring as expected so the user is not redirected to the login page.

I have taken the following steps to fix the problem:

  • Ensured the app pool & worker process are not being recycled.
  • Double-checked the codebase for rogue Session.Abandon() calls but didn't find any.
  • Verified the timeout settings in web.config are in the IIS config panel of the website.

Below are my web.config settings:

<sessionState cookieless="UseUri" timeout="120"></sessionState>
<authentication mode="Forms">
    <forms timeout="120" cookieless="UseUri" slidingExpiration="true" loginUrl="~/Login/Login.aspx" defaultUrl="~/News/News.aspx"/>
</authentication>

Any ideas why sessions are timing out before 120 mins?