Reputation: 53
idle time out always should be greater than session time out?
I have a project in asp.net c#.I am not using forms authentication.I have simple login page.When user successfully login user redirect to dashboard and session["user"] also generated.But the problem is when user do not use website for 20 minutes or greater than 20 minutes and when user came back try to use it.session is expired.User redirected to again login page. I am using also following script in web.config file
<sessionState timeout = "500" mode = "InProc" />
Is this is because idle time out or not because my idle time out is 20 minuter. IS idle time out always should be greater than session time out?I want session alive 8 to 9 hours or maximum or user do not press logout button
Upvotes: 1
Views: 1864
Answers (2)
Reputation: 11
Setting the session time out to anything greater than 1 hour will result in excessive memory being held in memory, an IIS holds all session memory for the duration of the session.Imagine a time out value of 5 hours on a high traffic site,holding session data for thousands of users' sessions.
To resolve this issue, we need to automatically refresh the web page in the application inorder to create a postback.This can be done with a meta-refresh tag.
Start by adding the following tag to your master page:
<IFRAME ID="KeepAliveFrame" src="KeepSessionAlive.aspx" frameBorder="0" width="0" height="0" runat="server"></IFRAME>
Next, create a new page named KeepSessionAlive.aspx. In the head section of the page, add the following lines:
<meta id="MetaRefresh" http-equiv="refresh" content="21600;url=KeepSessionAlive.aspx" runat="server" />
<script language="javascript">
window.status = "<%=WindowStatusText%>";
</script>
The key to this line is the content value. By default, we set the value to 21600 seconds, which is equal to 6 hours. However, we will be setting the value ourselves in the Page_Load of the web application for this page, so this default value can be ignored.
Add the following code to the Page_Load of KeepSessionAlive.aspx.cs:
protected string WindowStatusText = "";
protected void Page_Load(object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated)
{
// Refresh this page 60 seconds before session timeout, effectively resetting the session timeout counter.
MetaRefresh.Attributes["content"] = Convert.ToString((Session.Timeout * 60) - 60) + ";url=KeepSessionAlive.aspx?q=" + DateTime.Now.Ticks;
WindowStatusText = "Last refresh " + DateTime.Now.ToShortDateString() + " " + DateTime.Now.ToShortTimeString();
}
}
The final important step is to change your web.config session timeout value to be a value less than that of IIS's possible timeout values. If your value is greater than IIS's, your auto-refresh will never occur since IIS would have already reset your session state before the refresh timer activates. Choosing a value such as 10 minutes appears to work well. Remember, even though the session timeout value is 10 minutes, your auto-refresh method combined with sliding expiration, will keep the session alive.
Upvotes: 0
Reputation: 1022
It is not possible to change the defaullt 20, from the configuration. But you can change this timing from your IIS.
Check it in IIS. Open the IIS, click on the Application Pools, Select the Application pool for your application.
Right Click --> Select Properties
In the
Performance tab
Set the idle timeout as your desired minutes for "shutdown worker processes after being idle for ..... minutes".
Restart IIS after that.
Upvotes: 1
Related Questions
- How to set session timeout and session idle timeout in asp.net
- ASP.NET Session timeout behavior
- Does Session timeout even if it's not idle?
- set session timeout after inactivity
- Idle timeout seem to cause a loop for the code used for handling session timeouts
- session state timeout vs idle timeout
- Regarding Session Timeout
- Session timeout issue in ASP.NET
- Session expiring after 20 minutes: Whether idle or not
- Session Timeout ASP.Net