1

If I am seting Session Timeout like less then 20 mins everything is working fine.

But if it is > 20 mins it doesnt work. It happens with VS 2013 and Production IIS.

Here is a code I have use.

How to fix that issue? Thank you!

STARTUP.AUTH

  public partial class Startup
    {  
        public void ConfigureAuth(IAppBuilder app)
        {
            var sessionTimeout = 5;

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                ExpireTimeSpan = TimeSpan.FromMinutes(sessionTimeout),
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login")
            });
}

GLOBAL.ASAX

 protected void Session_Start(object sender, EventArgs e)
        {

                Session.Timeout = 5;

        }

P.S. WEB.CONFIG

   <sessionState mode="InProc"  />

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" defaultUrl="~/Account/Login" name="MyApp123"   />
    </authentication>
Improve this question
17
  • Have you tried using ExpireTimeSpan = new TimeSpan(0, 0, 5, 0) Commented Oct 17, 2014 at 13:53
  • 2
    Explain what "doesn't work" means. There is no timeout? It still times out at 20 mintues? There's no session at all? How are you measuring that it's timing out? FYI, Authentication timeout is not Session Timeout, they are two different things. Commented Oct 17, 2014 at 16:29
  • @ErikFunkenbusch Look, I set timeout 10 hours via my code. But it expires after 20 minutes. That's the issue. Commented Oct 17, 2014 at 16:35
  • 1
    You could store your session in SQL Database or increase the Idle timeout of IIS. I would suggest that a session database would be a better approach as you shouldn't really rely upon InProc, especially if you want a session to last 10 hours. Commented Oct 17, 2014 at 16:39
  • 1
    @ClarkKent - If you're using ASP.NET Identity, you should have Authentication mode="None", and you should have a remove statement in the modules to remove FormsAuthentication. Commented Oct 17, 2014 at 17:49

1 Answer 1

Reset to default
2

It sounds like you have FormsAuthentication configuration still in your web.config. You're using ASP.NET Identity, which conflicts with the old FormsAuthentication.

Change to this:

<authentication mode="None"/>

And make sure you have this:

<system.webServer>
    <modules>
        <remove name="FormsAuthentication" />
    </modules>
</system.webServer>

You can also just generate a default Web project with asp.net identity, and look at the web.config, which will have the same entries. Note that the V1 Identity template had a typo that used "FormsAuthenticationModule" instead of "FormsAuthentication" in the remove element. If you're using v2 or better they fixed that typo.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.