ASP.NET Session State not working in Web.config as well as Global.asax

Question

I have Admin Page wherein I use to do some update work for my site. The problem is the session will expire within a minute or 30 seconds and will logout the user. I have set the Session in Web.Config of the root folder as well as in the Web.Config inside the Admin folder but still the session gets expired soon. I have set it to 60 minutes but it only lasts for 30 seconds or within a minute. Here is my web.config content of root folder

<sessionState timeout="60" mode="InProc" 
      cookieless="false"></sessionState>


    <customErrors mode="Off">
    </customErrors>
    <trace enabled="true" />
    <authentication mode="Forms">
               <forms
    protection="All"
    timeout="120"
    domain="www.marpallichande.in"
    slidingExpiration="true"
    name="auth_cookie" />  

    </authentication>

and this is my setting of web.cofing file inside the Admin folder

<sessionState timeout="60" mode="InProc"
      cookieless="false"></sessionState>

and this is my setting in Global.asax file under Session_Start method

Session.Timeout=60;

I am not getting how the session is getting expired so soon or is there any other reason for been getting logged out other than session.

If you check the Session.Timeout property at runtime, what's the current value? I see you set it at Global.asax, but does it keep the value? — OnoSendai, Jan 13 '14 at 18:06
Do you have a pre-fetching webbrowser and a logout link? (And not a logout button...) — sisve, Jan 13 '14 at 18:16
@Kaushik, a logout link is a semantically bad thing. Try and comment it out so there's nothing your browser can see that's related to the logout function, and see if your session works better. Some browsers (and browser plugin) will surf to links they believe you'll want to see next, including taking a look at that link to /logout.aspx — sisve, Jan 13 '14 at 18:30
@SimonSvensson.. Will you please let me know What other option I can keep to logout instead of logout link. — Guruprasad J Rao, Jan 13 '14 at 18:38
@Kaushik, try a simple which posts a very small
to your logout.aspx. Pre-fetching should never post forms. — sisve, Jan 13 '14 at 18:39
@OnoSendai... Yea.. I checked it and it keeps the value set.. — Guruprasad J Rao, Jan 13 '14 at 18:44
let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/45141/discussion-between-kaushik-and-simon-svensson) — Guruprasad J Rao, Jan 13 '14 at 18:47

score 6 · Accepted Answer · answered Jan 13 '14 at 18:11

6

sessionState timeout value is in minutes. I would start by removing Session.TimeOut (and any other timeout values except sessionState timeout, leave it as it is and give it a try. Also, not sure why you have two config files? Do they have same settings?

I have a similar setup but just one config file with

<sessionState mode="InProc" cookieless="false" timeout="10" />

setting it to 10 minutes.

answered Jan 13 '14 at 18:11

skolte

367
2
9

@skolte.. I have give 2 config file as I said, one in root folder and another in Admin folder. The config file in the admin folder also contains usernames which provides permission for that user to access the Pages inside that folder. Along with that I have added this session property over there. Do you suggest me to remove the session property in Admin's Web.config file. – Guruprasad J Rao Jan 13 '14 at 18:25
I would leave the config file in the root folder, remove the one from Admin folder. Leave the session property in the config file in the root folder. I would remove any other timeout values such as Session.TimeOut in global.asax that you mentioned. Are you using a master page for your application? What is the value of Session.Timeout in Page_Load in something like Site.master? – skolte Jan 13 '14 at 18:46
@skolte... Yea I have used masterpage for my website but I haven't used masterpage for Pages inside Admin folder. I am using iframes to load different pages on different events.. – Guruprasad J Rao Jan 13 '14 at 18:52
@Kaushik can you please confirm your IIS session timeout value? Here's how you would look it up for IIS 7. http://stackoverflow.com/questions/949426/session-time-out-in-iis-7 Also, it would be easier if you specify what you have tried so far so that we can rule out those possibilities. As I understand, your issue is that the web pages are getting timed out in 30 seconds or a minute when the value specified in config file is certainly not that. – skolte Jan 13 '14 at 19:07
@skolte.. IIS session timeout value is 60 minutes bro.. This is for the first time I am building a website. What I ddid is I have created an admin folder and inside that I have an Admin Page and several other pages. In Admin Page I have an iframe where I will load all the other pages on click of respective buttons. But that does'nt seem a problem right. Not sure though. – Guruprasad J Rao Jan 13 '14 at 19:37
1

@Kaushik Without more info, difficult to tell. There could be several reasons, you can create a log as suggested in http://stackoverflow.com/questions/8235448/asp-net-sessions-timing-out-early. I put together a simple sample for you to demonstrate logout. http://www35.zippyshare.com/v/27746404/file.html The session timeout is set to 3 minutes in the web config. Launch the project in VS, login, click submit button, no logic there. Let the page sit idle for 3 minutes, it will automatically be kicked back to login page. Increase the period to 5 minutes, it will expire after 5 minutes. – skolte Jan 14 '14 at 00:26
@skolte.. Thanks bro. I will surely look into it and will c if I can figure out something.. – Guruprasad J Rao Jan 14 '14 at 10:22

score 3 · Answer 2 · answered Jan 13 '14 at 18:51

write <sessionState mode="InProc" cookieless="false" timeout="10" /> in the global web.config file of your application.

define Session_OnEnd event by adding a subroutine named Session_OnEnd to the Global.asax file. The Session_OnEnd subroutine is run when the method has been called or when the session has expired. A session expires when the number of minutes specified by the Timeout property passes without a request being made for the session.

The Session_OnEnd event is supported only when the session state Mode property is set to InProc.

Session_onEnd event can be defined in global.asax as:

public void Session_OnEnd()
{
  // do your desired task when the session expires
}

There is nothing I need to do with this method. I am just having problem with maintaining session timeout — Guruprasad J Rao, Jan 13 '14 at 19:01
then you can simple write in your desired cs file to set timeout like Session.Timeout(10); // as minute, it should work. — Rashedul.Rubel, Jan 14 '14 at 08:18

score 1 · Answer 3 · answered Sep 28 '14 at 15:40

Check the root web.config for a session state setting such as:
//Timeout is in minutes
//Note for using the global.asx about InProc: SessionStateModule.End Event

The Session_OnEnd event is only supported when the session-state HttpSessionState.Mode property value is InProc, which is the default. If the session-state Mode is set to StateServer or SQLServer, then the Session_OnEnd event in the Global.asax file is ignored. If the session state Mode property value is Custom, then support for the Session_OnEnd event is determined by the custom session-state store provider.

<system.web>
<sessionState mode="InProc" cookieless="false" timeout="30" />
</system.web>

You should only have this defined in 1 location.

score 1 · Answer 4 · answered Nov 18 '21 at 14:37

There is a setting in IIS as well that may need to be updated, the "idle timeout" setting. The difference is explained here.

By default Idle Timeout is set to 20 minutes, so you will want to set that to 180. This can be done by going into IIS > Application Pools > Right Click Your App Pool > Advanced Settings:

score 0 · Answer 5 · answered Dec 16 '15 at 09:20

0

if page logout after some seconds automatically that is because of session expire

 <sessionSate mode="StateServer" cookieless="false" timeout="940"/>

write the code in web.config

I find the solution from enter link description here

answered Dec 16 '15 at 09:20

Syed Ayaz

1
2

Should be sessionState instead of sessionSate – Robert Smith May 24 '22 at 15:36
link is invalid bro – R.Akhlaghi Aug 28 '22 at 11:33

score 0 · Answer 6 · answered Dec 14 '21 at 14:14

I had the same issue in my ASP.NET MVC web project. Using the following method to set the session duration in the Global.asax.cs file works:

public class ApplicationName : System.Web.HttpApplication
{
    protected void Session_Start(object sender, EventArgs e)
    {
        /* Sets the session duration to 60 minutes. */
        Session.Timeout = 60;
    }
}

ASP.NET Session State not working in Web.config as well as Global.asax

6 Answers6

Linked