|
Question : Early session timeout using forms authentication.
|
|
Ok, I am at the hair-pulling out stage here. Apologies in advance for the long post, I wanted to supply as much detail as possible to help track down this problem.
I have an ASP.Net web application, which uses forms authentication. I have set both the session timeout and forms timeout values to 6,000 minutes (yes, I realize this is an exagerated number).
I have constructed a page which, when a button is pressed, will refresh the page and indicate back to me if the session is a new session (Session.IsNewSession).
After roughly 30 minutes, the session times out.
Here is the breakdown of the sample application I created to try and analyze this problem:
In the web.config file, I have the following segment defined:
===============================================================================
loginUrl="Login.aspx"
timeout="6000">
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="6000" />
The "Login.aspx" file has the authentication setup to allow any login and password, as long as they are not empty. This is for testing purposes only.
===============================================================================
private void DoLogin_ServerClick(object sender, EventArgs e)
{
// All entries are valid for this test, as long as they are entered
string sLogin = LoginID.Text;
string sPassword = Password.Text;
if ((sLogin.Length > 0) && (sPassword.Length > 0))
{
// This is part of the forms authentication logic
FormsAuthentication.SetAuthCookie( sLogin, false );
// If user wanted to go to a different page, take them there
if (Request.QueryString["ReturnURL"] != null)
Response.Redirect( Request.QueryString["ReturnURL"], true );
}
}
My "Testing.aspx" page, is setup as follows
The front end portion is:
===============================================================================
<%@ Page language="c#" Codebehind="Testing.aspx.cs" AutoEventWireup="false" Inherits="Timeout.Testing" %>
Testing
t content="JavaScript">
http://schemas.microsoft.com/intellisense/ie5">
While the code behind portion (class only) is:
===============================================================================
public class Testing : System.Web.UI.Page
{
protected System.Web.UI.HtmlControls.HtmlInputHidden LastRefreshTime;
protected System.Web.UI.WebControls.Button PostPage;
protected System.Web.UI.WebControls.Label PreviousTime;
protected System.Web.UI.WebControls.Label CurrentTime;
protected System.Web.UI.WebControls.Label ElapsedTime;
protected System.Web.UI.WebControls.Label SessionStatus;
protected System.Web.UI.WebControls.Button TestConfig;
protected System.Web.UI.WebControls.Label SessionTimeoutValue;
private void Page_Load(object sender, System.EventArgs e)
{
string sErrSec = "";
DateTime dtNow = DateTime.Now;
DateTime dtThen;
try
{
if (!Page.IsPostBack)
LastRefreshTime.Value = dtNow.ToShortDateString() + " " + dtNow.ToLongTimeString();
PreviousTime.Text = LastRefreshTime.Value;
CurrentTime.Text = dtNow.ToShortDateString() + " " + dtNow.ToLongTimeString();
dtThen = DateTime.Parse(LastRefreshTime.Value);
TimeSpan tsDiff = dtNow.Subtract(dtThen);
int iHr, iMn, iSc;
iHr = tsDiff.Hours;
iMn = tsDiff.Minutes;
iSc = tsDiff.Seconds;
ElapsedTime.Text = iHr.ToString() + ":" + (iMn < 10 ? "0" : "") + iMn.ToString() + ":" + (iSc < 10 ? "0" : "") + iSc.ToString();
SessionTimeoutValue.Text = Session.Timeout.ToString();
if (Context.Session != null)
{
if (Session.IsNewSession)
{
SessionStatus.Text = "Session Timed Out!";
SessionStatus.CssClass = "alert";
PostPage.Enabled = false;
}
else
SessionStatus.Text = "Session is active";
}
Response.Write("ScriptTimeout=[" + Server.ScriptTimeout.ToString() + "]
");
Response.Write("Session.Timeout=[" + Session.Timeout.ToString() + "]
");
}
catch (Exception ex)
{
Response.Write("ERROR {" + sErrSec + "}: " + ex.Message);
}
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}
///
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
///
private void InitializeComponent()
{
this.PostPage.Click += new System.EventHandler(this.PostPage_Click);
this.Load += new System.EventHandler(this.Page_Load);
}
#endregion
private void PostPage_Click(object sender, EventArgs e)
{
DateTime dtNow = DateTime.Now;
LastRefreshTime.Value = dtNow.ToShortDateString() + " " + dtNow.ToLongTimeString();
}
}
===============================================================================
What is causing the session to timeout after 30 minutes?
I have set the session timeout value in the web.config file.
I have set the timeout value for the forms authentication section.
I see no reason why this should timeout after 30 minutes...please help!
|
|
|
Answer : Early session timeout using forms authentication.
|
|
There is a tag called if this is false then web.config cannot be applied.
Also check IIS that the site has Session State enabled and set the timeout there to 480 (8 hours).
Also, In the Machine.Config file there is a tag/section called processModel. Change the value of the attribute logLevel="Errors" to logLevel="All" If the worker process is getting recycled for any reason the event will be sent to the event viewer. IF it is getting recycled then session gets recyled with it.
Other help on the machine.config file for the processModel section can be seen at http://samples.gotdotnet.com/quickstart/aspplus/doc/procmodel.aspx
|
|
|
|
|
