Reputation: 634
Session.SessionID does it stay the same after timeout?
I have an asp.net webpage using forms authentication, I have my SessionState.timeout="4" and my FormsAuthentication.timeout="20" in my web.config file.
So after 4 minutes of inactivity, my session expires but I'm not forced to log back in because the forms authentication is set to longer, but I noticed that the Session.SessionID is still the same after the Session has expired.
Can anyone tell me if this is by design, ie the session is just re-instated?
Thanks folks.
Upvotes: 1
Views: 696
Answers (1)
Reputation: 141648
Session identifiers for abandoned or expired sessions are recycled by default. That is, if a request is made that includes the session identifier for an expired or abandoned session, a new session is started using the same session identifier. You can disable this by setting
regenerateExpiredSessionIdattribute of the configuration element to true.
Upvotes: 2
Related Questions
- If a folder does not exist, create it
- How to expire session due to inactivity in Django?
- laravel csrf token mismatch exception after session timeout
- Forms Authentication Timeout Being Ignored
- Session_End in Global.asax.cs not firing using forms authentication
- What are possibilities that <sessionState> timeout is ignored when using forms authentication?
- Is it normal for authenticated users to be need to sign back in after web.config edit?
- Redirect to page after Forms Authentication Timeout
- ASP.Net - Forms Authentication setup for specific Security concerns