12

I'm amending a Session time out in the Web.Config for an ASP.NET application written in C# and currently I have the timeout set to 120 minutes as shown below:

<sessionState mode="InProc" cookieName="Application_SessionId" timeout="120"/>

Is there a limit to this value? So if for example I wished to set it to 24 hours (1440 minutes) would this be applied?

It's ASP.NET version 4.0 with MVC 2.0

Web Develop Wolf
  • 5,996
  • 12
  • 52
  • 101

3 Answers3

23

The Timeout property cannot be set to a value greater than 525,600 minutes (1 year). The default value is 20 minutes.

Disadvantage: You will have performance issues if you have large number of users and with increase in session timeout, your inactive sessions will remain in Web server memory which may cause application pool to recycle, which would result in loosing all sessions for all users.

Suman Banerjee
  • 1,923
  • 4
  • 24
  • 40
  • When I log into Facebook, I can come back a week later and I'm still logged in. This is of great value to me. So are you saying if I make it a week or so for my MVC application that it will have performance ramifications? Is there another way to increase session length? – Jonathan Wood Aug 19 '17 at 14:50
  • @JonathanWood I'm guessing they have a separate, lightweight authentication server for this purpose, or use some other kind of cookie – Daniel Jan 05 '21 at 00:55
7

by default the value is 20 and the maximum value is 525600 (525600 minutes equivalent to one year). Maintain below code in your Web.config file to maintain maximum session timeout:

<system.web>
    <sessionState mode="InProc" timeout="525600"></sessionState>
    ...
</system.web>

Above one worked for me. Please refer here

Nani
  • 1,148
  • 3
  • 20
  • 35
4

I am not sure if it makes sense to set the session timeout to 24 hours, but yes it would be applicable to set it to a maximum of 365 days i think.

sm_
  • 2,572
  • 2
  • 17
  • 34