CODEWITHSUNDEEP
c#asp.net-mvc-4sessionauthentication
Vitalii
Vitalii

Reputation: 11091

Session timeout does not work at asp.net mvc 4 C# . Why?

For my web site I configured login session timeout for 1 week in web.config file

<system.web>
  <httpRuntime />

  <!-- Session keeps for 7 days -->
    <sessionState timeout="10080"></sessionState>
    <authentication mode="Forms">
      <forms loginUrl="~/" timeout="10080" slidingExpiration="true"/>
    </authentication>
  <!-- Configuration end  -->
</system.web>

Here is code for login

    [AllowAnonymous]
    [HttpPost]
    public ActionResult Login(string Login, string Password)
    {
        // empty passwords are not allowed
        if (Password == "")
            return Redirect(Request.UrlReferrer.ToString());

        bool LoginResult = WebSecurity.Login(Login, Password, true);
        return Redirect(Request.UrlReferrer.ToString());
    }

I login, close browser and open it again go to my web site -> user is logged in. I close browser, wait some time (about 30 minutes) go to my web site -> user is logged off. Why? Session should be stored for 7 days but we does not have even 30 minutes. Whan can be the source of problem?

Edit 1 The main idea is that I want to go back to the site in several days and still open it with logged in user

Upvotes: 13

Views: 21617

Answers (4)

Ramy Farag
Ramy Farag

Reputation: 33

Website Session.Timeout will work only when it is less than the application pool session timeout value; because whenever the application pool session timeout value is reached, that particular application pool will be restarted.

http://www.codeproject.com/Articles/113287/Why-Session-Timeout-is-not-working-for-your-websit

Upvotes: 3

Hans Kesting
Hans Kesting

Reputation: 39329

When the application is idle (no requests for some time), IIS may shut it down. This will destroy all Sessions.

Authentication stores it's data in a database and thus survives a restart.

Upvotes: 1

LakshmiNarayanan
LakshmiNarayanan

Reputation: 1188

Possibly, your IIS would have been configured to 20 minutes of TimeOut.

Change the IIS session timeout to 1 week 24 hours, which I hope will solve your problem.

Refer this

By design, the maximum value of timeout is set to be 24 hours. Check out Microsoft support forum

To achieve a larger window for timeout, you could consider maintaining session states in SQL, as suggested by @Marc.

Upvotes: 12

Marc
Marc

Reputation: 1002

Try moving your session state into Sql (link here). This should persist an IIS restart/app pool recycle etc.

Upvotes: 4

Related Questions