Session time-out before due

Question

Although quite inefficient, I needed to keep na ASP.NET session for 10 hours… (600 minutes)

So I wrote in the web config...

<authentication mode="Forms">
    <forms slidingExpiration="true" loginUrl="algoExpirou.aspx" name="AuthCookieConte" timeout="600" path="/">
    </forms>
</authentication>

and ' The TICKET...

Dim isPersistent As Boolean = False
    Dim ticket As New FormsAuthenticationTicket(1, strNomeDoRespondente, System.DateTime.Now, DateTime.Now.AddMinutes(600), isPersistent, userData, FormsAuthentication.FormsCookiePath)
    Dim encodedTicket As String = FormsAuthentication.Encrypt(ticket)
    Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, encodedTicket))

Session !!

Session.Timeout = 600

Anyway something goes out after about 25 minutes… from a log:

5:11:25 - logged in

5:35:28 - time-out...

0:24:03 the difference

Rigth now I Don have a clue to what is happening. The hosting for the site is shared, I wonder there is a limit somehow to the time-out, but the site is being tested, no one is using it !

Thanks for any idea about it… Regards, RConte

score 0 · Answer 1 · answered Apr 12 '12 at 06:27

0

Session time out and Authentication time out are two different things. You are you only setting your authentication timeout to 10 hours.

answered Apr 12 '12 at 06:27

TheGeekYouNeed

7,509
2
26
43

Thanks for the response... Session.Timeout = 600 (see above) I supposed would set session time-out... – Ricardo Conte Apr 12 '12 at 07:15
Where are you setting the Session timeout? – TheGeekYouNeed Apr 12 '12 at 08:14

score 0 · Answer 2 · answered Apr 13 '12 at 05:11

ok, folks, just solve it ! The site was in a hosting site using a so-called "CLOUD" hosting. Moved it to a "not CLOUD" in the same hosting company and it started to work fine! (I asked the support guys about this possibility but they were of no help at all) Took only 2 days to solve... but I learned some. Regards, R Conte

score 0 · Answer 3 · edited Dec 20 '12 at 18:00

I know this is late in the game for this question, but I've been caught by this before. There is an app pool setting in IIS that controls the "idle timeout". When the idle timeout is reached, the app pool worker process will shut down. I believe the forms authentication cookie lives while the session dies. I usually set the idle timeout to 0 (so that it never times out) and configure IIS to recycle my app pools at the same time everyday (e.g. - 1am, when there is minimal to no usage on the site).

Session time-out before due

3 Answers3