session timeout not working in mvc

Question

I have done this in my web.config.

<system.web>
  <sessionState mode="InProc" timeout="3"></sessionState>
  <authentication mode="Forms" >
    <forms loginUrl="~/Account/Login" timeout="2880"/>
  </authentication>

After session timeout it clears all the data, but it is not redirected to the login page.

score 0 · Answer 1 · edited May 23 '17 at 12:14

0

Session timeout has nothing to do with authentication timeout - an InProc session is held in memory whereas the authentication token is a cookie which contains an expiry date/time.

What you would have to do is force the expiration of the authentication ticket in the Session_Ended event in the global.asax - see this answer on how to do that as it's not just as simple as calling FormsAuthentication.SignOut.

edited May 23 '17 at 12:14

Community

1
1

answered Nov 17 '14 at 15:57

James

80,725
18
167
237

protected void Session_End(object sender, EventArgs e) { FormsAuthentication.SignOut(); Session.Clear(); Session.Abandon(); Response.RedirectToRoute("~/Account/LogOff"); } – van Nov 17 '14 at 17:05
session_end hits but not redirected.Also unable to signout. – van Nov 17 '14 at 17:05

session timeout not working in mvc

1 Answers1