ASP.NET - Session Time Out

Question

In the web.config file for my application, in the <sessionState> section I have set timeout="60" (in minutes), but session state variables in my application seem to be expiring in about 1 minutes. Any idea what could cause this?

Answer 1

If you are storing session state "in proc" then every time the app pool recycles you can loose session (this can happen a lot on a server with low memory). You could try storing session state "out of proc" using State Server or SQL Server.

See PRB: Session Data Is Lost When You Use ASP.NET InProc Session State Mode

Answer 2

Yes.

Session timeouts are also specified and controlled by IIS (although there is overlap ofcourse). In IIS 6.0 you also need to check the following places in IIS manager (properties of Virtual directory):

• ASP.net tab > Edit configuration > Authentication tab > Cookie timeout
• ASP.net tab > Edit configuration > State management tab > Session timeout

Setting all these to the same value, fixed the issue for me.

edit: Apparently the previously listed first option, had nothing to do with it. That means, that the first of the two options is now the place for you to fix your session timeout. It's probably not your session timing out, but the authentication expiring.

Or another possibility is that the worker process is restarted, or the application is restarted. Also things to look into.