tags:

views:

50

answers:

2
+1  Q: 

disable auto logout feature in asp.net

Im using forms authentication. I want my application should not logout the user automatically after sometime.

+3  A: 

I don't know if you can turn it off completely, but you could try setting a large timeout value in your web config:

    <authentication mode="Forms">
        <forms loginUrl="Login.aspx" timeout="9999" slidingExpiration="true" defaultUrl="~/Default.aspx"/>
    </authentication>
Brissles  2010-10-01 14:05:36
+2  A: 

You can change the timeout like this:

<system.web>
    <authentication mode="Forms">
          <forms timeout="99999999"/>
    </authentication>
</system.web>

Further config options can be found here.

Make sure your session timeout isn't less than the forms authentication timeout. Otherwise, your users will have a hard time using your site.

You can change the session timeout in the web.config:

<system.web> 
    <sessionState timeout="999999999" /> 
<system.web>

Further details can be found here.

It could be a security issue to have someone logged in indefinitely.

Joe R  2010-10-01 14:06:49
What happens if your session timeout is less than the forms authentication timeout? I'd have thought that was a relatively common scenario (eg Stack overflow remembers my login details for days and I doubt ti keeps sessions around that long). You can't rely on all your data being in session but I personally wouldn't anyway most of the time...
Chris  2010-10-01 15:00:47
It's possible that session data is lost while the user is actually logged in and trying to use the site.
Joe R  2010-10-01 15:41:04
I don't know how SO is built but your login will be kept in a cookie... That's how SO remembers your login details.
Joe R  2010-10-01 15:42:49
I'd have thought you'd do bad things to server resources if you kept sessions around for too long. You're right that you might lose data but I'm not sure you should be storing things in session that are critical (I hate things like travel websites where you've done a search and go off to cehck other sites and come back and it tells you that your session timed out so you should start again - absolutely no reason to keep search details in session).
Chris  2010-10-01 16:26:26

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps