Geek Answers Handbook

Windows Authentication Session Timeout

I have this code in my web.config:

<system.web> <authentication mode="Windows" /> <sessionState timeout="300" /> </system.web>

Even though the sessionstate timeout is 300. It expires in 15-20 minutes, and session data is lost. My application pool and everything has the correct timeout of 300 minutes. Therefore, I believe that the problem is only related to Windows authentication. Secondly, if I just turn off Windows authentication and delete this line, everything works fine (that is, my session data is stored for a long time). What could be the problem?

Thank you in advance:)

+4
source share
3 answers

Verify that the idle timeout is not set in the application pool in IIS. The default value for this parameter is 20 minutes (which leads to confusion as to whether the timeout was started by the session timeout or the idle timeout), and in most cases you can safely set the value to 0, which disables it.

To check the IIS idle timeout, go to the "Advanced Settings for the Application Pool" section.

The idle timeout is a sliding window based on activity for the application, so requests from any client will be reset in the window. If your application is easy to use, you will often use a timeout, as a result of which your application pool will be recycled. The impact on users is that any sessions that were active will be lost, and users who will go to your application after downtime will have to wait until all of their startup processes have started.

+5
source

Windows Authentication Timeout:

If users register in the Windows environment and are controlled by the active directory (domain), there is a possibility of having a domain policy for a user to log in from a "Windows session" after so many minutes of inactivity, this would be done for security reasons. I think your next step would be to talk to someone who is responsible for working with the Windows network and pass them on to them.

0
source

Have you tried setting the timeout for forms authentication in the web.config file?

 <authentication mode="Forms"> <forms loginUrl="login.aspx" defaultUrl="home.aspx" name="AuthCookie" timeout="60" path="/" /> </authentication>

This should go to system.web node. The timeout there (60 in my example) is the number of minutes.

-2
source

More articles:


All Articles