How to set session timeout

G

Geigho

Setting session timeout in web.config file does not seem
to have any effect. Any explanation or suggestion will be
appreciated.
 
G

geigho

I am using a form based login. It does not matter what
value I set timeout to (e.g timeout="1", timeout="20",
timeout="120", etc), the application always takes me back
to the login form after approximately 20 minutes of not
posting the page back to the server.

<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user
id=sa;password=" cookieless="true" timeout="1" />
 
M

Marina

forms authentication and session state are not related.

youre forms authentication timeout specifies how long after a period of
inactivity should the user be taken back to the login page.

Session state just says how long to maintain session data for. If the
session timeout is shorter then the authentication timeout, the session data
will dissapear, but the user will still be authenticated, and thus not be
asked to relog in.
 
G

geigho

Thanks! But how do you set forms authentication timeout?
If I saved authentication flag in a session variable and
the session timed out, is the variable still available?
If not, then won't this cause the login page to be
redisplay since the authentication code (logic) cannot
read the value set in the session variable?
 
J

Jeff Ptak

You set this value in the constructor for the
FormsAuthenticationTicket as shown below. After your user
is authenticated, try something like the following:

FormsAuthenticationTicket tkt;
string CookieStr;
HttpCookie ck;

// Create new Auth Ticket. Last argument authentication
timeout expressed in seconds.

SessionTimeout = 30; //Timeout in minutes

tkt = new FormsAuthenticationTicket(txtUserName.Text,
false, SessionTimeout * 60);

// Encrypt ticket
CookieStr = FormsAuthentication.Encrypt(tkt);

// Create the cookie
ck = new HttpCookie(FormsAuthentication.FormsCookieName,
CookieStr);

//Add cookie to HTTP header
Response.Cookies.Add(ck);

// Redirect to the main page
Response.Redirect("Default.htm", true);

HTH.

J. Ptak
 
G

geigho

Thanks.

-----Original Message-----
You set this value in the constructor for the
FormsAuthenticationTicket as shown below. After your user
is authenticated, try something like the following:

FormsAuthenticationTicket tkt;
string CookieStr;
HttpCookie ck;

// Create new Auth Ticket. Last argument authentication
timeout expressed in seconds.

SessionTimeout = 30; //Timeout in minutes

tkt = new FormsAuthenticationTicket(txtUserName.Text,
false, SessionTimeout * 60);

// Encrypt ticket
CookieStr = FormsAuthentication.Encrypt(tkt);

// Create the cookie
ck = new HttpCookie(FormsAuthentication.FormsCookieName,
CookieStr);

//Add cookie to HTTP header
Response.Cookies.Add(ck);

// Redirect to the main page
Response.Redirect("Default.htm", true);

HTH.

J. Ptak

.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
474,085
Messages
2,570,597
Members
47,218
Latest member
GracieDebo

Latest Threads

Top