Reputation: 383
Session/Cookies Expiration inquiry
I have an .net/.aspx web application with basic authentication (through web service from third party).
The program flow is as follows: - User logs in on the login page (Username and Password) - .aspx.cs (CodeBehind) handles the web service authentication. - If the user is authenticated, I will set the following: HttpContent.Current.Session["IsLogged"]=1;
I also configured my web.config for my session timeouts by using the following lines:
< sessionState timeout="10" cookieless="UseCookies"/>
< httpCookies httpOnlyCookies="true"/>
Based from my understanding, if no action occurred while I am logged in within 10 minutes, the session will expire.
What I did so far was to log in on the web application then close it immediately, and I didn't accessed the web application for 20 minutes. Now when I opened the web application, I am still logged in. Am I doing something wrong?
My real objective is, when I closed the web application (or got idled) for more than 10 minutes, my session cookies will expired. How can I achieve this?
Thanks!
Upvotes: 0
Views: 114
Answers (1)
Reputation: 2587
Did you set the timeout in Application Pool?
Check below screenshot and also refer this link
Upvotes: 2
Related Questions
- Asp.Net - How to expire Cookie
- ASP.NET cookie does not expire
- Cookie expiration issue in asp.net
- Configure ASP.NET_SessionId cookie expiration
- set cookie to expire at end of session? asp.net
- Cookies and Sessions Expiration in .NET
- How does cookie expiration work under IIS7 and ASP.NET, and is there a way to auto refresh it? Domain level cookie expiration?
- IIS 7.0 Session expiring ASP.net
- User driven session expiration
- ASP.NET Session Expiration