0

I am using custom session mode in asp.net MVC and set the timeout to 2 minutes. But after 2 minutes session is not expiring ?

<sessionState timeout="10" mode="Custom" customProvider="DynamoDBSessionStoreProvider" cookieless="false" regenerateExpiredSessionId="true">
  <providers>
    <add name="DynamoDBSessionStoreProvider" type="Amazon.SessionProvider.DynamoDBSessionStateStore" Region="us-west-2" Application="--" Table="ASP.NET_SessionState" ReadCapacityUnits="3" WriteCapacityUnits="1" CreateIfNotExist="true" AWSAccessKey="--" AWSSecretKey="--" />
  </providers>
</sessionState>
<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" defaultUrl="~/Home" timeout="10" slidingExpiration="false" />
</authentication>
Amita
  • 21
  • 1
  • 4
  • It seems like the `DynamoDBSessionStoreProvider` isn't properly handling expiration. It seems like you should open an issue on https://github.com/aws/aws-dotnet-session-provider or maybe you should just fork it yourself – Chris Marisic May 04 '16 at 17:32
  • @ChrisMarisic if i set normal asp.net session like this "" then also session not expiring. – Amita May 04 '16 at 19:19
  • Have you set a break point in the global asax and verified that session end NEVER gets called? http://stackoverflow.com/a/621762/37055 – Chris Marisic May 04 '16 at 21:14
  • @ChrisMarisic Yes, debugger is coming on global asax. – Amita May 05 '16 at 15:01
  • If the session_end method is called, the session is properly expired. Unless the provider is broken. – Chris Marisic May 05 '16 at 15:13
  • @ChrisMarisic storing session in private readonly HttpContextBase _httpContext; – Amita May 05 '16 at 16:13
  • @ChrisMarisic is authentication has to do something session ? – Amita May 05 '16 at 17:41
  • Authentication and session are in a very close proximeter but they are wholly separate. Generally you kill sessions when someone logs out, but individual sessions and auth tokens frequently expire and renew entirely independent of each other – Chris Marisic May 05 '16 at 20:35
  • @ChrisMarisic I have set the session and authentication settings as " " but my session is not expiring. Can you please tell me how can I make it to expire ? – Amita May 07 '16 at 06:31
  • If you're using ASP.NET out of box, your analysis is wrong. Session expiration works properly. There would be thousands if not millions of users reporting session expiration was broken out of box. IIRC there's around 5 **million** .NET developers. Your problems would not be unique unless they're caused by your environment – Chris Marisic May 09 '16 at 01:33

0 Answers0