mvc 5 session timeout after default period (20 mins)

Question

My MVC 5 site has web.config like this:

<authentication mode="Forms">
  <forms name=".ADAuthCookie" loginUrl="~/Account/Login" 
       timeout="2880" slidingExpiration="true" protection="All" />
</authentication>

but timeout doesn't work. It doesn't matter what value I give here, it always expires after 20-30 mins. How can I maintain users logged in for longer period or until they sign-out?

Is there any way I can achieve this using "In-Proc" only? Or I am missing something here?

score 43 · Accepted Answer · edited May 23 '17 at 11:47

43

You are dealing with two separate issues, auth timeout and session timeout. Session timeout is controlled by the following key in web.config...

  <system.web>
    <sessionState mode="InProc" timeout="30" />
  </system.web>

I'm not sure which you are encountering but I suspect it is the session timeout you are encountering rather than the authentication timeout... Try removing the timeout from your forms tag entirely and see if that gives you what you are looking for.

More information here- forms timeout issue in asp.net mvc

edited May 23 '17 at 11:47

Community

1
1

answered Mar 12 '14 at 23:22

Kelly Robins

7,168
6
43
66

3

I tried this, but the authenticated login remains valid even after waiting beyond the `timeout` duration. – Old Geezer Apr 08 '15 at 03:25
@OldGeezer I guess session timeout should be >= your form authentication timeout. – Rathma Jan 04 '18 at 22:52

mvc 5 session timeout after default period (20 mins)

1 Answers1

Linked

Related