Remo
Remo

Reputation: 389

How to set Session.Timeout

In ASP.NET application's web.config, I have something like this

<sessionState mode="InProc" cookieless="false" timeout="30"/>
  1. Is this the only place where Sessions timeouts are defined
  2. Is this timeoout in web.config the only one for all the sessions in the application.
  3. Can I not set the session timeouts for each session individually.
  4. IF so, where??
  5. I am looking to use "Keep me Logged-in", where do I have to set the timeout to Maximum

Upvotes: 1

Views: 1131

Answers (2)

Druid
Druid

Reputation: 6453

Assuming that "Keep me logged in" goes across sessions, I would set a cookie with an expiry date of a day or a week. Log them in automatically if the cookie exists, or redirect to the login page.

You can set session timeouts in the web.config file as you have described, or in the Global.asax file's Session.Start() function. For example:

protected void Session_Start(object sender, EventArgs e)
{
    Session.Timeout = 30;
}

Upvotes: 1

Gerrie Schenck
Gerrie Schenck

Reputation: 22368

The keep me logged in has nothing to do with session length, but with the lifetime of the Forms Authentication Cookie.

Upvotes: 1

Related Questions