2

I want to set timeout for my web application for 12 hours.

I have done setting in web.config file as:

<system.web>
     <sessionState timeout="720" />
</system.web>

As suggested in the following post:

  • I came to know that the Application Pool recycles in every 20 minutes (if the pool is ideal).
    And I also checked for changing the application pool time out using one question about application pool timeout setting
  • But still the session time-out is not set to 720 minutes. Do I need to change machine.config file for changing the session time out.
    But I think the properties of machine.config file should be overriden by web.config file.

Kindly provide me some idea.

Community
  • 1
  • 1
शेखर
  • 17,412
  • 13
  • 61
  • 117
  • 2
    Why would you want to keep the session for 12 hours? That's like having someone take a parking space for 5 minutes, then reserving it for 12 hours in case they might come back. Soon, all your spots are filled and nobody has anywhere to park. – Erik Funkenbusch Oct 06 '12 at 06:08
  • it's requirement of client. They have machines on which any customer can come and see the application. So the password is with client not with the customer. So I need to keep the session time out for 12 hours. Hope this justifies my problem. Or do you have some other way out. – शेखर Oct 06 '12 at 06:24
  • 1
    You're confusing authentication with session. Session has nothing to do with the password. Your session can expire, or be reset and still be granted access to the site if your authentication cookie is still valid. They are two separate systems. Session is *ONLY* used for storing a users current state, and a properly designed app can regenerate that state if the session is expired. – Erik Funkenbusch Oct 06 '12 at 06:43
  • Are you talking about the persistent cookies. e.g. FormsAuthentication.SetAuthCookie('username', true); But what will be the expiry time of the cookie. Or can I configure the authentication cookie manually. Am I thinking in the right way? – शेखर Oct 06 '12 at 08:55
  • 1
    FormsAuthentication is one way, yes. And yes, you can control the cookie expiration time. – Erik Funkenbusch Oct 06 '12 at 19:38
  • @MystereMan thanks for your response. Can you please tell me other ways. I was not using form authentication earlier. I was generating session value in the database and then on every page load I was checking for the session variable. But at many places it is suggested that you should use form authentication. So I had gone for form authentication. – शेखर Oct 08 '12 at 05:08

2 Answers2

1

You can try out WMI(Windows Management Instrumentation) script it can help you.You need to have sufficient priveleges to implement the Script.

follwing are the links you can check to get more information.

http://bendera.blogspot.in/2010/12/configuring-ica-rdp-timeout-values.html

http://technet.microsoft.com/en-us/library/cc771956%28v=ws.10%29.aspx

Mayank Pathak
  • 3,621
  • 5
  • 39
  • 67
Abhinandy
  • 56
  • 1
  • 9
  • thank Abhinandy I think @mystereMan is correct I have to look for other option rather than increasing the session time. – शेखर Oct 10 '12 at 06:34
0

You should set all following:

Application Pool / Advanced Settings. There the option Idle Timeout should be set in minutes.

Then within the web.config file in system.web section you should also set the Authentication/Forms, SessionState and RoleManager timeouts, if applicable.

<authentication mode="Forms"><forms loginUrl="~/default.aspx" name=".ASPXFORMSAUTH" timeout="120" /></authentication>

<sessionState cookieless="AutoDetect" cookieName="TYS_ADMIN_SessionId" timeout="120" />

<roleManager ... cookieTimeout="120" defaultProvider="GMRoleProvider" enabled="true">...</roleManager>
HGMamaci
  • 1,339
  • 12
  • 20