How to increase session timeout time in Asp .Net MVC 5?

Question

Application logout automatically in few seconds, i want to increase it to 30mins.

I have done some code in web.config file but it doesn't work. i have researched many articles on it but i could not resolve it.

Web.config code :

<sessionState mode="InProc" timeout="1800"></sessionState>
    <authentication mode="Forms">
      <forms loginUrl="~/Login" timeout="1800">
      </forms>
    </authentication>

The configuration you show works. If your sessions still seem to time out, there's something else going on. Explain what your hosting environment looks like, show relevant code that uses the session and explain what behavior exactly you experience. — CodeCaster, Aug 13 '16 at 15:17
Isn't `sessionState` `timeout` supposed to be in minutes? It looks like in your code would be seconds (30 minutes * 60 = 1800) — Csaba Toth, Jul 14 '19 at 01:09

Jeff Siver · Answer 1 · 2016-08-13T15:13:42.243

Session State & Authentication timeouts are in minutes not seconds. So, you should have

<sessionState mode="inProc" timeout="30" ></sessionState>
<authentication mode="Forms">
      <forms loginUrl="~/Login" timeout="30">
      </forms>
</authentication>

Also, you should be aware that the way this is setup, the authentication will timeout 30 minutes after it was granted while the session will extend the 30 minutes to be from last access. To make these two closer to syncing up, you should add slidingExpiration="True" to the forms element.

If, after these changes, it is still logging you out after a few seconds, take look at:

Is the cookie getting created in the website? It's name will be .ASPXAUTH and it should be a session cookie.
Are you closing the browser when the timeout occurs?
Do you have multiple applications using the same authentication method?

The default for sessionState is slidingExpiration="True" so there is no need to set it implicitly — Dror, Feb 05 '17 at 18:51
slidingExpiration forces the timer to start over for expiration in some cases. But there are still many reasons to change the timeout period. — Jeff Siver, Feb 06 '17 at 20:40

score -1 · Answer 2 · answered Aug 13 '16 at 14:54

-1

Another place this can be set is in your Global.asax file. If the sessionState isn't working in your web.config file, I suggest taking a look in there. Apparently the Global.asax file will override the web.config file. It can be set like this:

Session.Timeout = 30;//Timeout expects an integer representing minutes

answered Aug 13 '16 at 14:54

Drew Kennedy

4,118
4
24
34

I did this but is gave me an error `Session state is not available in this context.` – Manish Tiwari Aug 13 '16 at 16:47
I don't suggest this approach, but I tested it inside Session_Start without any error. – QMaster Mar 28 '17 at 11:48

How to increase session timeout time in Asp .Net MVC 5?

2 Answers2