how to increase session timeout in asp.net?

Question

I tried following codes to increase session timeout, but no use,

code is:

<sessionState mode="InProc" cookieless="true" timeout="60">
</sessionState>

Also code at

void Session_Start(object sender, EventArgs e)
{
// Code that runs when a new session is started
Session.Timeout = 15;
}

This should work. How are you checking that your session is timing out? — Paddy, Feb 24 '14 at 14:31
take a loot at this question http://stackoverflow.com/questions/8656463/increasing-session-timeout — Ehsan, Feb 24 '14 at 14:55

skywalker2909 · Answer 1 · 2015-01-28T07:33:12.000

35

You can increase the session time-out in asp.net in any one of the following ways

Using IIS Version 7 :

Open up IIS
Select your website from the list of sites
Click on Session state on the right
Now enter your session timeout under the cookie settings

OR

Web.config : Open up your web.config file and under the system.web section add the following :

<sessionState timeout = "20" mode = "InProc" />

Replace 20 with whatever number you wish.

OR

Global.asax file : Under the Session_Start method, set the timeout property of the session to the required value like this

Session.Timeout = "20";

Note : If you are setting a session timeout in both IIS as well as web.config, then the one in IIS will override the one in web.config

Hope this helps!

edited Jan 28 '15 at 07:33

answered Feb 24 '14 at 14:49

skywalker2909

1,636
2
31
46

1

You forgot to close the sessionState tag in your example. You should write: – miguelbgouveia Jan 27 '15 at 17:27
Hey thanks for informing me on that, will update my answer with it ! much appreciated! – skywalker2909 Jan 28 '15 at 07:32
2

Actually, under IIS 7, setting the session one place sets it in the other. So if you set it in IIS, it will update the Web.config automatically, and vice versa. – d512 Feb 10 '15 at 23:18
How can we do this in code (for example if there is a "Remember me" checkbox on login)? – Worthy7 Jun 07 '16 at 00:18
20 is for minutes, hours or days? – Muhammad Awais Jun 11 '16 at 13:22
2

@MuhammadAwais - its minutes. – skywalker2909 Jun 15 '16 at 10:48
@Worthy7 - This link should be helpful --> http://forums.asp.net/t/1303629.aspx?How+to+implement+remember+me+fucctionality+of+login+page+in+asp+net – skywalker2909 Jun 15 '16 at 11:02
If you define in web.config: – Fer R Jan 31 '18 at 17:26
1

If you define in web.config: `` is redundant write again in code: `Session.Timeout = 20` Additionally for me (I needed 60 mins session duration), was necessary setup App Pool. Go to IIS admin, then App Pool, then Advanced settings, then into Process Model, set "Idle time-out (minutes)" to 60. If your website use authentication, cookie authentication expiration must be configured at least with double duration of session, if you update expiration in each request, take care of set Secure property according to setting in FormsAuthentication.RequireSSL. – Fer R Jan 31 '18 at 17:33

score 3 · Answer 2 · edited Aug 11 '16 at 17:40

3

If you are using forms authentication then the default value of session timeout is 30min.Try this code to increase session timeout.

<system.web>
  <authentication mode="Forms">
      <forms timeout="70"/>
  </authentication>
  <sessionstate timeout="80"/>
</system.web>

I think the code help you.

edited Aug 11 '16 at 17:40

EfficionDave

2,736
3
31
38

answered Feb 24 '14 at 15:06

Ajay Prasad

69
3

Hi, Can you tell me the difference between the two timeout values? i.e. `Forms` timeout & `Sessionstate` timeout – Nitin Sawant Nov 19 '14 at 06:00
@NitinSawant - here is an existing answer on stackoverflow to your query --- http://stackoverflow.com/questions/17812994/forms-authentication-timeout-vs-sessionstate-timeout – skywalker2909 Jan 28 '15 at 07:35

score 2 · Answer 3 · answered Oct 24 '17 at 10:43

2

simply,go WebConfig,then set it,

        <system.web>
    <sessionState timeout="60"></sessionState>
  <compilation debug="true" targetFramework="4.0" />
</system.web>

answered Oct 24 '17 at 10:43

user8824275

27
1

score 1 · Answer 4 · edited Jul 19 '18 at 14:38

1

<system.web>
  <authentication mode="Forms">
      <forms timeout="70"/>
  </authentication>
  <sessionState timeout="80"/>
</system.web>

It works for me, copy it to your web.config file.

edited Jul 19 '18 at 14:38

Philippe

548
8
24

answered Jun 20 '15 at 09:45

Ibrahim Kanaan

21
2

score 0 · Answer 5 · answered Jun 15 '16 at 11:58

I wanted to add my final solution. After reading that setting it in the config was "incorrect".

            if (model.RememberMe)
            {
                var ASPCookie = Request.Cookies["ASP.NET_SessionId"];
                ASPCookie.Expires = DateTime.Now.AddDays(15);
                Response.SetCookie(ASPCookie);
            }

score 0 · Answer 6 · answered Apr 12 '18 at 12:19

 <sessionState cookieless="false" timeout="30" mode="InProc"/>
  <authentication mode="Forms">
      <forms name="AppRootForms" loginUrl="LoginPage.aspx" protection="All" timeout="30" path="/" slidingExpiration="true"/>
    </authentication>
<system.webServer>
     <!--<max limit for storing session />-->
    <asp>
         <session allowSessionState="true" max="100000" timeout="00:30:00" />
    </asp>
</system.webServer>

how to increase session timeout in asp.net?

6 Answers6

Linked