Regarding Session Timeout

Question

I have a problem regarding Session Time Out.How can we store a user Session for 1 day.So that if the user Logout.It doesn't affect the user session and User session continues for one day.

Answer 1

You can change the default session timeout in your web.config file.

As ASP.NET Session State describes, you can do something like this and you can change the time out peroid

<configuration>
  <sessionstate 
      mode="inproc"
      cookieless="false" 
      timeout="20" 
      sqlconnectionstring="data source=127.0.0.1;user id=<user id>;password=<password>"
      server="127.0.0.1" 
      port="42424" 
  />
</configuration>

Answer 2

You don't want to use sessions for that. (At least not InProc sessions.)

You can increase the timeout of sessions, but that means that every visitor will have a Session object that survives for a day after they left the site (assuming that you actually store something in the Session object). If you have 10000 visitors per day, that means that there will be around 10000 Session objects lurking in memory all the time.

The application pool is normally recycled periodically, which means that all current Session objects are lost.

You could store the user identity in a persistent cookie, and any additional data in a database. You could also use out-of-proc sessions, as Darin Dimitrov suggested.

Answer 3

You can set the timeout property in the <sessionState> element in web.config. This being said, if you are using InProc sessions (stored in-memory) you should be aware that IIS could recycle the application pool under some circumstances (period of inactivity, CPU/memory limit threshold are reached, ...). When this happens if the sessions are stored in memory of the server they will be destroyed. To workaround this you could use out-of-proc sessions (StateServer or SQL). You can read about the different session state modes.