Not able to increase session timeout in ASP.NET Core 2.0

Question

I am not able to increase the session timeout in ASP.NET Core 2.0. Session gets expired after every 20 to 30 minutes. When I decrease the time to 1 minutes and debug it it works fine but when it is increased to more more than 30 minutes or hours/days it does not last to specified duration.

Session is expired after 30 minutes in debug mode as well as from IIS (Hosted after publish).

options.IdleTimeout = TimeSpan.FromMinutes(180);

I am using below code in startup.cs file.

public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
        
        // Adds a default in-memory implementation of IDistributedCache.
        services.AddDistributedMemoryCache();

        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.HttpOnly = true;
            options.Cookie.Expiration = TimeSpan.FromDays(3);
            options.ExpireTimeSpan= TimeSpan.FromDays(3);
            options.SlidingExpiration = true;
        });

        services.AddSession(options =>
        {
            // Set a short timeout for easy testing.
            options.IdleTimeout = TimeSpan.FromMinutes(180);                
        });
        services.AddSingleton<IConfiguration>(Configuration);
        
       
        // In production, the Angular files will be served from this directory
        services.AddSpaStaticFiles(configuration =>
        {
            configuration.RootPath = "ClientApp/dist";
        });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IConfigurationSettings configurationSettings)
    {
       
        //
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
        }

        app.UseSession();
        app.UseStaticFiles();
        app.UseSpaStaticFiles();

        app.UseExceptionHandler(
         builder =>
         {
             builder.Run(
             async context =>
             {
                 context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
                 context.Response.ContentType = "application/json";
                 var ex = context.Features.Get<IExceptionHandlerFeature>();
                 if (ex != null)
                 {                         
                     if(ex.Error is SessionTimeOutException)
                     {
                         context.Response.StatusCode = 333;
                     }
                     if (ex.Error is UnauthorizedAccessException)
                     {
                         context.Response.StatusCode =999;
                     }
                     var err = JsonConvert.SerializeObject(new Error()
                     {
                         Stacktrace = ex.Error.StackTrace,
                         Message = ex.Error.Message
                     });
                     await context.Response.Body.WriteAsync(Encoding.ASCII.GetBytes(err), 0, err.Length).ConfigureAwait(false);
                 }
             });
         });

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller}/{action=Index}/{id?}");
        });

        app.UseSpa(spa =>
        {
            // To learn more about options for serving an Angular SPA from ASP.NET Core,
            // see https://go.microsoft.com/fwlink/?linkid=864501

            spa.Options.SourcePath = "ClientApp";

            if (env.IsDevelopment())
            {
                spa.UseAngularCliServer(npmScript: "start");
            }
        });
    }

score 4 · Answer 1 · answered May 08 '18 at 07:32

4

The issue might be coming because of your application pool get recycled on IIS. by default IIS Application pool get recycled after every 20 minutes.

Try to increase the application pool recycle time.

To change the application pool recycle time. Go through the following link

https://www.coreblox.com/blog/2014/12/iis7-application-pool-recycling-and-idle-time-out

answered May 08 '18 at 07:32

Trilok Kumar

571
6
12

But I get same issue when I run the application using VS 2017 and IIS express in debug mode. – Rupesh Kumar May 08 '18 at 08:37
Have you changed this options.IdleTimeout = TimeSpan.FromMinutes(180); from your code to something higher and retest it. – Trilok Kumar May 08 '18 at 12:11
Yes, I have changed it to 2 days, 3 days but still got session timeout after 20 to 30 minutes. – Rupesh Kumar May 08 '18 at 12:34
Thanks Trilok Kumar. It's working fine now after changing the application pool idle time out to 60 – Rupesh Kumar May 09 '18 at 01:48

score 2 · Answer 2 · answered Nov 08 '19 at 13:15

I work with asp.net core 2.2 (selfhosting in kestrel, without IIS) and had the same problem with some session variables (they were reset after about 20-30 minutes).

In startup.cs, I had:

services.AddSession();

(without options, as I tought a session lives automatically as long as the user have a connection)

I have changed this to:

services.AddSession(options =>
{
   options.IdleTimeout = TimeSpan.FromHours(8);
});

And... it seems to work (in Kestrel (production) and also with IIS-Express (Debugging)).

Regarding recycling (as mentioned above), according to this posting:

[Kestrel recycling:][1] Kestrel webserver for Asp.Net Core - does it recycle / reload after some time

It seems as Kestrel don’t recycle.

Not able to increase session timeout in ASP.NET Core 2.0

2 Answers2