tags:

views:

35

answers:

2
Q: 

timeout and auto logout in asp.net 2.0 with IIS 7 even after doing all the possible settings

Hello,

I have an ASP.NET 2.0 web site hosted on Windows Server 2008 with IIS 7. I am using InProc session mode (specified in web.config). My client wants the timeout to be of 3 hours, meaning if the web site is idle, session should remain alive for 3 hours. Currently, what is happening is that if the web site is idle for 20-30 min. and if the user to tries to access any link, it redirects to login page.

I searched on internet and did all the possible settings (as follows):

  1. In web config, session state, time out = 180 minutes.

  2. In web config, forms authentication, time out = 180 minutes.

  3. In IIS 7, Site->Features View->Session state - Session State Mode Setting: In Proc and Cookie Setting->Time out = 180 minutes

  4. In IIs 7, Site->Features View->ASP->Services->Session Properties->Time out = 03:00:00 hours

  5. In IIS 7, Application Pools->Site->Advanced Setting->Process Model->Idle Time-out = 180 minutes.

Even after doing all these settings, timeout has not increased and still if the web site is idle for 20-30 mins. and user tries to access the link, it redirects to login page.

Additional Information: Whenever it redirects to login page after idle of 20-30 mins., and if I check the event log on server, it says something like (I am not sure whether this error is related to this particular issue or not): "Forms authentication failed for request. Reason: The ticket supplied has expired"

A: 

Have you checked your machine.config ?

machine.config can override the default value for the server's Session State, among others

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
Muhammad Akhtar  2010-10-21 05:12:37
I have not checked the machine.config file, but preferably I don't want to modify the machine.config file, because I think it's not feasible to modify it.
pratik  2010-10-21 05:15:31
Also I have checked the machine.config file and there is not such setting for session timeout in the machine.config file
pratik  2010-10-21 05:24:28
+1  A: 

How does your code issue the authentication ticket once users log in? The documentation says that the expiration attribute will overwrite whatever you set in the web.config - that might be the issue.

If the ticket is generated manually by using the FormsAuthenticationTicket class, the time-out can be set through the Expiration attribute. This value will override the timeout attribute value specified in configuration files.

BrokenGlass  2010-10-21 05:26:19
OK in the code (.cs file), when user logs in, I am setting the ticket like: // Create the authentication ticket FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, // version txbUserName.Text, // user name DateTime.Now, // creation DateTime.Now.AddMinutes(30),// Expiration false, // Persistent roles); // User data
pratik  2010-10-21 05:59:47
The code behind is where you need to also set 180 minutes.
TheGeekYouNeed  2010-10-21 06:18:10
Yes I have just done that, let me test it :)
pratik  2010-10-21 06:20:42

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps