1 
<configuration>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
  <sessionState timeout="1" mode="InProc" cookieless="false" >
  </sessionState>
  <compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
  <forms loginUrl="~/Account/Login.aspx" timeout="1"/>
</authentication>

i created a session if the user is authenticated like this

if (HttpContext.Current.User.Identity.IsAuthenticated)
    {

        string name = HttpContext.Current.User.Identity.Name.ToString();
        Session["username"] = name;
    }

then i am checking if the session still exit like this

  if (Session["username"] == null)
            Response.Redirect("SessionExpired.aspx");
        else
            Response.Write("session still exist");

**the problem : **the session is not getting null after 1 min and the user is always login any help

this is the code: 

     Welcome to ASP.NET! test1
     <p>
     To  visit  test2 go to<asp:LinkButton ID="LinkButton1" runat="server" 
      onclick="LinkButton1_Click">here</asp:LinkButton> 
     </p>
     <asp:Label ID="msg" runat="server" Text=""></asp:Label>

in server side

    protected void LinkButton1_Click(object sender, EventArgs e)
   {
     if (HttpContext.Current.User.Identity.IsAuthenticated)
    {

    string name = HttpContext.Current.User.Identity.Name.ToString();
    Session["username"] = name;
    if (Session["username"] == null)
        Response.Redirect("~/SessionExpired.aspx");
    else

 msg.Text = "session still exist the session will be timedout after "+Session.Timeout+ "min";
 }
 else
    Response.Write("please login");
 }
Improve this question

3 Answers 3

Reset to default
2

Why isnt the session timeout working when set to SqlServer? i think this will help you.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

yes. in the link which i posted the user also changed the mode to "inproc"
that is right and here he is not saying he is got it working fine after changing it to InProc.. He is facing as issue while using it..
and i'm not using any sql server except the membership database that is by default implemented in asp.net
the session should time out after 1 min of inactivity. Are you doing any postbacks or any activity?
1

There is no chance to be Session["username"] object to null. so if statement useless.. 

string name = HttpContext.Current.User.Identity.Name.ToString();
    Session["username"] = name;
    if (Session["username"] == null)
        Response.Redirect("~/SessionExpired.aspx");
Improve this answer

2 Comments

how can i check if the session is expired?? if (Session["username"] == null) isn't that mean if the session variable is expired:o ?
you can check session expired before assign a value to session. not after. I mean that if statement should be upper than Session["username"] = name; line.
0

@bassem ala:though you are setting session time out period in configuration file by default asp.net checks servers session time out value.you have to manually set session values null after one minute.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.