ASP.Net MVC: Session duration?

Question

Due to the complex business logic, I had to implement myself the authentication. I'm storing the authentication with:

FormsAuthentication.SetAuthCookie(identifier,false);

The False is to indicate that we don't want to have persistent cookie

I've to also store in session some informations(one information that the user has to enter to login, indicating for which set of data he wants to access).

I'm storing those data through model binder.

It's working fine most of the time. But sometime after an inactivity period, we are still logged but we don't have any data in session.

I would like that the duration of my session is the same than the login session, to avoid this kind of "I'm logged but I've lost some data in the session".

I don't need/want to have a persistent connection.

How should I proceed to have this system?

Answer 1

In fact, There was a Session timeout by default in the IIS Application pool, so, to avoid this problem:

1. Go on IIS Manager
2. Go on the ServerName/Application Pools tab
3. Right click on the concerned application pool
4. Click on Advanced Settings,
5. In the section "Process Model", put an higher value in the "Idle Time-out"(this is in minutes
6. Click on OK
7. Restart the application pool

For me, this + the Yannis config(setting the same value for the form timeout+session state timeout) worked.

Answer 2

I believe the FormsAuthentication uses its own timeout. You can configure your web.config accordingly:

<system.web>
    <authentication mode="Forms">
          <forms timeout="50"/>
    </authentication>

    <sessionState timeout="50"  />
</system.web>