iis 7 – timeout and auto logout in asp.net 2.0 with IIS 7 even after doing all the possible settings – Education Career Blog

I have an ASP.NET 2.0 web site hosted on Windows Server 2008 with IIS 7. I am using InProc session mode (specified in web.config). My client wants the timeout to be of 3 hours, meaning if the web site is idle, session should remain alive for 3 hours. Currently, what is happening is that if the web site is idle for 20-30 min. and if the user to tries to access any link, it redirects to login page.

I searched on internet and did all the possible settings (as follows):

  1. In web config, session state, time out = 180 minutes.

  2. In web config, forms authentication, time out = 180 minutes.

  3. In IIS 7, Site->Features View->Session state – Session State Mode Setting: In Proc and Cookie Setting->Time out = 180 minutes

  4. In IIs 7, Site->Features View->ASP->Services->Session Properties->Time out = 03:00:00 hours

  5. In IIS 7, Application Pools->Site->Advanced Setting->Process Model->Idle Time-out = 180 minutes.

Even after doing all these settings, timeout has not increased and still if the web site is idle for 20-30 mins. and user tries to access the link, it redirects to login page.

Additional Information:
Whenever it redirects to login page after idle of 20-30 mins., and if I check the event log on server, it says something like (I am not sure whether this error is related to this particular issue or not):
“Forms authentication failed for request. Reason: The ticket supplied has expired”

,

How does your code issue the authentication ticket once users log in? The documentation says that the expiration attribute will overwrite whatever you set in the web.config – that might be the issue.

If the ticket is generated manually by
using the FormsAuthenticationTicket
class, the time-out can be set through
the Expiration attribute. This value
will override the timeout attribute
value specified in configuration
files.

Leave a Comment