0

I'm using the Default web.config that we get once we make a new project , I didn't see any "timeout" parameter so I added it like this : 

<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout ="7">
  <providers>
    <add name="DefaultSessionProvider"
      type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
      connectionStringName="DefaultConnection"/>
  </providers>
</sessionState>

I'm logged into my account , I keep refreshing the page for like 14-15 minutes now but I'm not getting logged off . (where it's supposed to get me logged off after 7 minutes).

Da black ninja
  • 359
  • 1
  • 6
  • 19
  • 1
    note that timeout does not mean "invalidate my session after `x` minutes following a successful login". It means something more to "invalidate my session after `x` minutes of ***inactivity***". If you keep doing server requests, you're resetting the timeout counter. The way you've worded your question, if sounds like you're refreshing every few moments (let's say at one minute intervals) and expecting for the page to stop refreshing after 7 minutes, even though you've been active the entire time. – Kritner Mar 03 '16 at 13:03
  • Oh , well I was refreshing the page often , then I guess this is why ? – Da black ninja Mar 03 '16 at 13:04

2 Answers2

2

If you want authentication timeout specify in the <authentication> tag.

<authentication mode="Forms">
      <forms timeout="7"/>
</authentication>

If you want session

<system.web>
 <sessionState mode="InProc" cookieless="false" timeout="7" />
</system.web>
Mr Lister
  • 45,515
  • 15
  • 108
  • 150
xmorera
  • 1,933
  • 3
  • 20
  • 35
  • What this supposed to mean ? I added timeout = "7" – Da black ninja Mar 03 '16 at 12:53
  • Sorry, you are quick. I was adding the sample code. There you go. If I understood correctly, you want your session to time out. Thus you specify in the authentication mode what is the mode and when should it timeout. Hope this helps. – xmorera Mar 03 '16 at 12:54
  • Thanks , I still don't understand what is Authentication mode is for honestly . Kritner answered me above , I guess this is why It wasn't working . I will try to wait few minuts and see . – Da black ninja Mar 03 '16 at 13:06
  • With authentication you specify what kind of user authentication you can use. It can be Forms authentication or Windows authentication. You can read about ASP NET Authentication in MSDN: https://msdn.microsoft.com/en-us/library/eeyk640h.aspx – xmorera Mar 03 '16 at 17:25
0

There are a few ways this can be accomplished, and it depends on how your website is setup.

  1. In the web.config property sessionState

  2. Configure the IIS app pool

  3. If you're using Identity, you will want to set the ExpireTimeSpan in the ConfigureAuth()

whiteshooz
  • 61
  • 1
  • 7