5

I have this code in my web.config:

 <system.web>
    <authentication mode="Windows" />
        <sessionState timeout="300" />
  </system.web>

Even though sessionstate timeout is 300. It just expires in 15-20 mins and session data is lost. My Application pool and everything has correct timeout set of 300 minutes. So I believe problem is with Windows authentication only. Secondly, if I just disable the Windows authentication and remove that line, it all works out fine (i.e my session data is preserved for long duration). What can be the problem?

Thanks in advance :)

Jaggu
  • 6,298
  • 16
  • 58
  • 96
  • You should start by looking at this answer http://stackoverflow.com/questions/648992/session-timeout-in-asp-net – Henry Troup Oct 01 '11 at 20:06

2 Answers2

10

Make sure the idle timeout isn't set on the app pool in IIS. The default for that setting is 20 minutes (which leads to confusion over whether the timeout was triggered by session timeout or idle timeout) and in most cases can be safely set to 0, which turns it off.

To check the idle timeout in IIS, go to Advanced Settings for the app pool.

The idle timeout is a sliding window based on activity for the app, so requests from any client will reset the window. If your app is lightly used, you'll hit the timeout frequently, causing your app pool to recycle. The impact to users is that any sessions that had been active will be lost, and users walking up to your app after it has been idle will have to wait for it to run all of its start up processes.

Jon Crowell
  • 21,695
  • 14
  • 89
  • 110
0

Windows Authentication Timeout:

If the users are logging onto a windows environment and it is controlled by active directory (domain) there is the chance that there is a domain policy in place to log the user out of the "windows session" after so many minutes of inactivity, this would be done for security reasons. I think your next step would be to talk with whoever is in charge with the windows network and pass it off to them.

Subhankar
  • 126
  • 6