IIS Session Timeout and Forms Authentication Loop

Question

IIS Session Timeout and Forms Authentication Loop

I seem to have a problem with timeouts and authentication forms in my application. The application is based on MVC3 and heavily AJAX. I find that even when the user is constantly working on the application and is not idle, sometimes they are pushed, and then the forms authentication goes into the redirect cycle with error 302.

The application is hosted by a provider who tells me that they have increased session timeouts to 60 mints. My web.config setting for the application is as follows.

<authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" cookieless="UseCookies" slidingExpiration="true"/>
    </authentication>

Why do I get session timeouts? Are there any settings that I can check / change to stop this?

Thanks,

+2

asp.net-mvc-3 session-timeout forms-authentication

Simpleuser Oct 27 '13 at 8:55

source share

1 answer

Simpleuser · Accepted Answer · 2013-11-11T09:49:08+0000

I finally realized what was going on. First, I had a Session filter on my base controller, which caught session timeouts and redirected it to Account / LogOn. Removing from it brought redirect loops.

I also changed my code to NOT use session variables to get around the problem of frequent session timeouts. And now it has been resolved. Hope this helps someone else struggling with similar issues. Remember and check out any custom attribute filters you can use in your code.

IIS Session Timeout and Forms Authentication Loop

More articles: