0

I have an issue with my site where user sessions are being logged out after 15 minutes of inactivity.

When this happens, if a user clicks on any link it takes them back to the login page.

I would like to increase the duration by which a user session is logged out to 2 hours.

Here is the method where the initial authentication takes place:

[HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult Login(LoginModel model, string returnUrl)
        {
            var mcookie = new AbcCookie();

            if (ModelState.IsValid)
            {
                using (var marvRepo = new AbcRepositry())
                {
                    var passwordHash = Abc.Web.Portal.Helpers.Security.CreatePasswordHash(model.Password);

                    var userAccount = marvRepo.GetAbcUser(model.UserName,model.PartnerAccessCode);

                    if(userAccount != null && userAccount.Password == passwordHash && userAccount.PartnerAccessCode == model.PartnerAccessCode.ToUpper())
                    {
                        mcookie.GetMMformsauthentication(userAccount, model.RememberMe);


                           return RedirectToLocal(returnUrl);
                    }
                    else
                    {
                        ModelState.AddModelError("", "The user name,access code or password provided is incorrect.");
                    }


                }

        }

And here is the forms authentication.

public void GetMMformsauthentication(UserAccount useraccount, bool createPersistentCookie) { const string UnknownUsername = "anonymous";

        // Composing UserData to be stored in the auth cookie
        var userCookieData = new AbcUserCookieData()
        {
            UserId = useraccount.UserID,
            Password = useraccount.Password,
            PartnerAccessCode = useraccount.PartnerAccessCode
        };

        var ticket = new FormsAuthenticationTicket(1, string.IsNullOrEmpty(useraccount.UserID) ? UnknownUsername : useraccount.UserID, DateTime.Now,
                                                                         DateTime.Now.AddDays(100), createPersistentCookie, userCookieData.ToString(), FormsAuthentication.FormsCookiePath);
        var hashedCookie = FormsAuthentication.Encrypt(ticket);

        HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

        var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashedCookie); // Hashed ticket
        authCookie.HttpOnly = true;
        authCookie.Expires = ticket.Expiration;
        authCookie.Path = ticket.CookiePath;
        authCookie.Secure = false;
        HttpContext.Current.Response.SetCookie(authCookie);
        //System.Web.HttpContext.Current.Response.Cookies.Add(authCookie); 
    }
}

I have tried to increase the duration of the authentication ticket but the session times out after 15 minutes regardless of whatever value is used.

I added the following to my web.config in an effort to see if this will resolve the problem.

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>

I am assuming the “timeout” value is in minutes(I intentionally set the value to a high number)

I have tried everything but my session is still automatically logged out after 15 minutes.

Does anyone have an idea what may be causing the log in session to end after 15 minutes?

user1526912
  • 15,818
  • 14
  • 57
  • 92
  • Have you searched for "IIS session timeout" and found nothing helpful? Have you set `SlidingExpiration` (if that's what you want)? – HABO Jul 13 '14 at 15:52
  • I havent added SlidingExpiration because thats not what I want exactly. I want the login session to timeout at exactly 2 hours. I have also added this to my web.config: – user1526912 Jul 13 '14 at 18:09

0 Answers0