inconsistent timeout periods

[Arthur Dent]

Hello all,

I am having a significant problem with the security in my app. I am
experiencing a problem, where the session apparently times out, and all my
session data is reset just as if a new session was started, ... but the
FormsAuthentication ticket doesn't expire, and so i wind up with a user who
is no longer actually logged in being able to access sections of the site
which are locked down using the "LOCATIONS" node of the web.config file and
application roles.

How can i make sure my session and authentication ticket both expire
together?

Thanks in advance,
- Arthur Dent.

 

[Dominick Baier]

you can set the timeout in the <sessionState> <forms> element respectively.

But it sounds very much like your appdomain recycles at some point - usually
session is sliding expiration.

Are you by any chance doing some file operations in your web app, or other
stuff like:

Machine.Config, Web.Config or Global.asax are modified
The bin directory or its contents is modified
The number of re-compilations (aspx, ascx or asax) exceeds the limit specified
by the <compilation
numRecompilesBeforeAppRestart=/> setting in machine.config or web.config
(by default this is set to 15)
The physical path of the virtual directory is modified
The CAS policy is modified
The Web service is restarted
Application Sub-Directories are deleted