Preventing auto log out?

Question

In ASP.NET Forms authentication how can I prevent or extend the time that ASP.NET from automatically logging me out? And, also what does that have to do with session state, i.e do I need to extend session, as well?

This is one of the properties that I found on this

Membership.UserIsOnlineTimeWindow

And another

<authentication mode="Forms">
  <forms loginUrl="login.aspx" timeout="15"/>
</authentication>

And another, I think this may be the proper way?

<system.web>
    <authentication mode="Forms">
          <forms timeout="50000000"/>
    </authentication>
</system.web>

I would like some explanation how all of these relate. I remember, also, vaguely doing something with session state on a problem like this before.

Here is a similar question with a partial answer, http://forums.asp.net/t/903256.aspx

It sounds like Member.IsUserOnlineTimeWindow is just for the database functions and not the auth cookie?

Answer 1

Here are all the relevant nodes I can think of. You should be looking especially at the sessionState and authentication forms nodes.

Web.config nodes

<system.web>
    <authentication mode="Forms">
        <forms timeout="60" />
    </authentication>
    <sessionState timeout="60" />
    <membership userIsOnlineTimeWindow="60" />
    <roleManager cookieTimeout="60" />
</system.web>

Code Changes Explanation

• forms timeout Specifies the time, in integer minutes, after which the cookie expires.
• sessionState timeout Specifies the number of minutes a session can be idle before it is abandoned.
• membership userIsOnlineTimeWindow The number of minutes after the last-activity date/time stamp for a user during which the user is considered online.
• roleManager cookieTimeout The number of minutes before the role names cookie expires.