Session timeout in ASP.NET

I am running an ASP.NET 2.0 application in IIS 6.0. I want session timeout to be 60 minutes rather than the default 20 minutes. I have done the following

  1. Set <sessionState timeout="60"></sessionState> in web.config.
  2. Set session timeout to 60 minutes in IIS manager/Web site properties/ASP.NET configuration settings.
  3. Set idle timeout to 60 minutes in application pool properties/performance.

I am still getting a session timeout at 20 minutes. Is there anything else I need to do?


Solution 1:

Are you using Forms authentication?

Forms authentication uses it own value for timeout (30 min. by default). A forms authentication timeout will send the user to the login page with the session still active. This may look like the behavior your app gives when session times out making it easy to confuse one with the other.

<system.web>
    <authentication mode="Forms">
          <forms timeout="50"/>
    </authentication>

    <sessionState timeout="60"  />
</system.web>

Setting the forms timeout to something less than the session timeout can give the user a window in which to log back in without losing any session data.

Solution 2:

I don't know about web.config or IIS. But I believe that from C# code you can do it like

Session.Timeout = 60; // 60 is number of minutes

Solution 3:

Use the following code block in your web.config file. Here default session time out is 80 mins.

<system.web>
 <sessionState mode="InProc" cookieless="false" timeout="80" />
</system.web>

Use the following link for Session Timeout with popup alert message.

Session Timeout Example

FYI:The above examples is done with devexpress popup control so you need to customize/replace devexpress popup control with normal popup control. If your using devexpress no need to customize

Solution 4:

In my situation, it was Application Pool. It is set to restart when idle for xx mins. When I set it to not restart, it seems to use value from Web Config.