3

I have a weird scenario in one of my ASP.NET applications.

I am using ASP.NET membership with my custom "roleManager", and have the tag below in web.config to prevent any user who does not have the "Keywords" role from accessing the "Keywords" folder (path):

<location path="Keywords">
    <system.web>
        <authorization>
            <allow roles="Keywords"/>
            <deny users="*" />
        </authorization>
    </system.web>
</location>

If any user with some other role tries to access this URL (Keywords in this case), they will be redirected to a custom Access Denied page.

Now things are working fine, but when I leave my application inactive for 30 minutes I am not able to visit "Keywords"; every time I end up at the custom Access Denied page. If I close the browser and log in again, it starts working fine.

Please help me in this case.

Thanks in advance

1

2 Answers

2

ASP.NET sessions time out after 20 minutes by default, I think.

You can extend this by specifying a longer time (in minutes) in the Web.config:

<system.web>
    <sessionState timeout="60"/>
    ...
</system.web>

If you are authenticating via Forms, you should raise the authentication cookie timeout value to match.

Also bear in mind that, when running the site under IIS, you should probably extend the application pool's idle timeout to something similar. If you don't do this, the HttpApplication instance for your ASP.NET site will be unloaded, destroying any active sessions in the process.


3 Comments

I have added <sessionState mode="InProc" cookieless="false" timeout="30"/>, and I have also set timeout="365" inside the <authentication mode="Forms"> element in my web.config. All is working fine, but when I leave a session open for more than 30 minutes it doesn't allow me to access those pages where I have set <deny users="*" /> in the location tag, but when I tried setting <deny users="?" /> it works fine. I need <deny users="*" /> because it will restrict any user not having the role from my folder.
Why are you expecting that sessions will somehow work beyond their timeout value?
Joe, first let me thank you for your quick reply, which I forgot to do last time! Well, when my session times out, the user is redirected to the login page if she clicks on any link (server request). After providing credentials, I redirect her back to the page she was working on by using Request.QueryString["ReturnUrl"]. But as she logs in again, she gets my custom access denied page; even in a new tab in the same IE browser the user is not able to access the page. She has to close the window! :-(
0

Usually, the first and easiest thing to do is just change the configuration/system.web/sessionState@timeout value to something like “90”:

<sessionState timeout="90" />

It still appears to be timing out after 20 minutes. *This doesn’t make any sense, it explicitly says that the session timeout should be exactly 90 minutes.*

There’s a couple of issues that are tied together here:

  1. The application pool’s worker process default idle timeout is also set to 20 minutes
  2. The default mode of storing session state is in the IIS process

The settings for the application pool can be found by clicking Properties (IIS 6) or Advanced Settings (IIS 7.5) on the application pool that the application is assigned to.

Ensure the value of "Idle-Time-out(minutes)" is set to the timeout of your session, at a minimum (ex 90), to ensure that all sessions persist for the entire session timeout period.

Try this solution. If there is still a problem, refer to this article; it describes more options to try:

http://asp-net.vexedlogic.com/2012/05/23/aspasp-net-session-timeout-how-do-i-change-it/
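As an added example (not part of either answer above), the following script checks the three timeouts the answers discuss against each other: `sessionState`, the Forms authentication cookie, and the application pool idle timeout. The function name `audit_timeouts`, the sample config and the idea of passing the idle timeout in as a parameter are assumptions made for illustration; the sample values are the ones quoted in the comment thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample using the values from the comment thread above
# (sessionState 30, forms 365). Assumes <configuration> carries no xmlns.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <sessionState mode="InProc" cookieless="false" timeout="30"/>
    <authentication mode="Forms">
      <forms timeout="365"/>
    </authentication>
  </system.web>
</configuration>"""


def audit_timeouts(web_config_xml, app_pool_idle_minutes):
    """Return (settings, findings) for the timeouts discussed in the answers.

    app_pool_idle_minutes is supplied by the caller because the idle timeout
    is an IIS application pool setting, not a web.config value.
    """
    root = ET.fromstring(web_config_xml)
    sys_web = root.find("system.web")
    session = sys_web.find("sessionState") if sys_web is not None else None
    forms = sys_web.find("authentication/forms") if sys_web is not None else None

    # ASP.NET defaults when the attribute is absent: session 20 min, forms 30 min.
    settings = {
        "session": int(session.get("timeout", 20)) if session is not None else 20,
        "forms": int(forms.get("timeout", 30)) if forms is not None else 30,
        "idle": app_pool_idle_minutes,
    }
    in_proc = session is None or session.get("mode", "InProc") == "InProc"

    findings = []
    if settings["forms"] != settings["session"]:
        findings.append("forms auth cookie and session expire at different times")
    # An IIS idle timeout of 0 disables idle shutdown of the worker process.
    if in_proc and 0 < settings["idle"] < settings["session"]:
        findings.append("app pool idle timeout can destroy InProc sessions early")
    return settings, findings


if __name__ == "__main__":
    values, problems = audit_timeouts(SAMPLE_WEB_CONFIG, app_pool_idle_minutes=20)
    print(values)
    for problem in problems:
        print("WARNING:", problem)
```
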
