Session timeout issue when using forms authentication

Question

How to set (increase) the session timeout when using forms authentication in ASP.Net? I set it in the web.config file as follows, but it doesn’t work.

<configuration>
  <system.web>
     <sessionState timeout="60"></sessionState>
  </system.web>
</configuration>

Answer 1

The timeout property of the <sessionState> is the correct place to set it as you currently have if you want the actual Session to expire, however since you explicitly mention Forms Authentication, you may want to check out the timeout for that, as the two are different.

Do you mean the Forms Authentication Timeout?

You can adjust the specific timeout property of your Forms Authentication in your application by adjusting the timeout property within the <authentication> element of your web.config file. You will also want to be mindful that if you are using the slidingExpiration property in conjunction with timeouts as they can actually expire much earlier than the timeout listed.

<authentication mode="Forms"> 
    <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="yourTimeoutInMinutes"></forms> 
</authentication>

So if you wanted to extend the amount that the authentication token stays "alive" for to say 180 minutes (3 hours), you would set it as seen below :

<authentication mode="Forms"> 
    <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="180"></forms> 
</authentication>

Consider the Idle Timeout in IIS

You may also want to consider looking into setting the Idle-Timeout property on your server within IIS if your updated configuration properties don't seem to work (as the Idle-Timeout defaults at 20 minutes).