2

We have a ASP.Net MVC Web Application that keeps timing out after exactly 30 minutes.

In the web.config, I set the sessionState timeout value to 500 minutes. After 30 minutes, the session still times out. So, I set it to 1 minute, which actually works. The session times out after exactly 1 minute.

Then, I added the following code to Session_Start in Global.asax.cs:

Session.Timeout = 500;

This effectively overrode the 1 minute timeout setting in the web.config. But, like clockwork, the session still timed out at exactly 30 minutes.

What can I do to make IIS honor the Session Timeout value?

crackedcornjimmy
  • 1,972
  • 5
  • 26
  • 42
  • Are you sure this is what you really want? Sessions should be used to cache information in order to improve performance across requests, but not for long-term storage of data. Use persistent cookies to ensure that users don't have to log in repeatedly, and save everything else so that it can be restored if the session is lost. Also protects you from application pool recycles, iis restarts, etc. – Morten Mertner Apr 25 '13 at 22:30
  • Yes. That is ultimately where we are going with the application. Currently, in this beta version, we need this part to work correctly. – crackedcornjimmy Apr 25 '13 at 22:50

1 Answers1

3

It sounds to me that your application pool is recycling after 30 minutes, which effectively kills all in memory sessions in IIS.

Below is some more information around the app pool recycling, how you can control it and also log those events.

http://www.iis.net/configreference/system.applicationhost/applicationpools/add/recycling

http://forums.asp.net/t/1663248.aspx/1

Tommy
  • 39,592
  • 10
  • 90
  • 121
  • Thank you. I am trying that now. I have set the sessionState to 500 minutes and the Session.Timeout in the Global.asax to 500 minutes and the Application Pool idle time recycle to 10 minutes. I expect this to time out at 10 minutes. Then, I will determine if it goes longer than 30 minutes. – crackedcornjimmy Apr 25 '13 at 22:52
  • We are going to move out of managing user data in the session in the next release. But this was actually the answer. The idle time setting in the application pool can be lengthened. Only problem, as Morten Mertner commented above, that isn't the only reason that the App Pool recycles and thus relying on the session is unreliable. – crackedcornjimmy Apr 26 '13 at 16:22