session time out happening before the time mentioned in webconfig

Question

In webconfig i mentioned the session timeout as 20 minutes

    <system.web>

        <compilation debug="true" targetFramework="4.5" />
        <httpRuntime targetFramework="4.5" maxRequestLength="350000" enableVersionHeader="false" 
maxQueryStringLength="3584" executionTimeout="600"/>
        <sessionState mode="InProc" timeout="20"></sessionState>
            <globalization culture="en-GB" />
      </system.web>

but the website is getting logout before 20 minutes of idle time. Any thing i am missing in the code?

Answer 1

Since session information is stored in-memory (mode="InProc"), if the application domain is restarted, all session information will be deleted. If you observe this locally while developing, every time you recompile your application, this will happen. And if you observe this behavior on your web server, it is also possible that IIS could recycle the application domain. For this reason you might need to consider some of the other session state modes like StateServer or SQLServer.

I have talked about ASP.NET Session so far. But there's also the authentication. Since you talked about users being logged-off it is possible that if you are using Forms Authentication, the cookie expires. This is controlled by the <authentication> tag in your config:

<authentication mode="Forms">
    <forms loginUrl="~/Account/Login" timeout="2880" protection="All" />
</authentication>

So you might check this timeout as well.

Bottom line: do not confuse ASP.NET Session with ASP.NET Forms Authentication.