I apologize in advance for this likely being asked before. I have an asp.net 2.0 web application and am trying to set the session timeout.
My first attempt was to add this to the web.config. < sessionState mode="InProc" timeout="300" >
Users would tell me though that after about 20 minu开发者_Go百科tes of being idle and then trying to do something again on the site they'd be redirected back to the login page.
So now I'm trying timeout="60" in my < forms tag in the web.config.
I also tried Session.Timeout=60 in my global.asax.
Should these work? Do I need something else? Thank you for your time and help.
From another forum post.
There are two different types of timeout. One is an authentication timeout (which redirects you to a login page) and the other is a session timeout (which drops all session vars). I set the session timeout in global.asax session_start by using session.timeout. IN your webconfig, you can set the authentication timeout by editing this tag:
<authentication mode="Forms">
<forms timeout="1024"/>
</authentication>
Session timeout and the authentication timeout are two separate things.
Any user that comes to your site gets a session, regardless of whether or not they've logged in. After they have been inactive for the specified timeout, their session is gone and they get assigned a new session the next time they hit your site.
Forms Authentication uses an authentication ticket in a cookie that also has a timeout. If the authentication timeout is shorter than the session timeout, the authentication ticket will expire and the users will still be logged out - but they'll still have their session data!
You need to look for the authentication timeout in your web.config and adjust it to match the session timeout.
精彩评论