0

I have integrated an ASP.NET MVC 4 app with a legacy ASP.NET 4 Webforms app. The webforms app used SQL Membership Provider to implement the security features with Forms authentication mode , so I've kept that security in the newly integrated app as well. I am using [authorize] attribute on some MVC action methods to protect some MVC views. This all works fine except that the MVC pages (Views) timeout earlier than the timeouts set for forms authentication and the sessionState as shown below in the web.config file

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>

<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="600">

As you can see that the timeouts are set for several hours. Yet the MVC views timeout after about 30 minutes whereas webforms pages don't timeout in the same app. Why it's happening and how can it be resolved?

nam
  • 21,967
  • 37
  • 158
  • 332
  • 1
    That's not really possible, as they both use the same session code. You must have code somewhere that is forcing a session abandon. You do know that authentication and session are different things, right? You're not confusing the two are you? – Erik Funkenbusch Feb 27 '14 at 16:11
  • Erik, The only place I am abandoning the session is on the logout event of an .Aspx page when the user logs out as shown below: `protected void HeadLoginStatus_LoggedOut(object sender, EventArgs e) { Session.Abandon(); }` – nam Mar 02 '14 at 04:08
  • I will say this again, because you ignored me the first time. YOu do understand that Authentication and session are two different things, right? – Erik Funkenbusch Mar 02 '14 at 05:58

0 Answers0