Reputation: 389
In ASP.NET application's web.config, I have something like this
<sessionState mode="InProc" cookieless="false" timeout="30"/>
Upvotes: 1
Views: 1131
Reputation: 6453
Assuming that "Keep me logged in" goes across sessions, I would set a cookie with an expiry date of a day or a week. Log them in automatically if the cookie exists, or redirect to the login page.
You can set session timeouts in the web.config
file as you have described, or in the Global.asax
file's Session.Start()
function. For example:
protected void Session_Start(object sender, EventArgs e)
{
Session.Timeout = 30;
}
Upvotes: 1
Reputation: 22368
The keep me logged in has nothing to do with session length, but with the lifetime of the Forms Authentication Cookie.
Upvotes: 1