How to set session timeout

[Geigho]

Setting session timeout in web.config file does not seem
to have any effect. Any explanation or suggestion will be
appreciated.

[Marina]

That would be the way to do it.

What makes you think that it is not working?

"Geigho" <ighodaro@zeonchemicals.com> wrote in message
news:0a7501c34a25$55ed5b50$a501280a@phx.gbl...

> Setting session timeout in web.config file does not seem
> to have any effect. Any explanation or suggestion will be
> appreciated.

[geigho]

I am using a form based login. It does not matter what
value I set timeout to (e.g timeout="1", timeout="20",
timeout="120", etc), the application always takes me back
to the login form after approximately 20 minutes of not
posting the page back to the server.

<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user
id=sa;password=" cookieless="true" timeout="1" />

>-----Original Message-----
>That would be the way to do it.
>
>What makes you think that it is not working?
>
>"Geigho" <ighodaro@zeonchemicals.com> wrote in message
>news:0a7501c34a25$55ed5b50$a501280a@phx.gbl...

>> Setting session timeout in web.config file does not

seem

>> to have any effect. Any explanation or suggestion will

be

>> appreciated.

>
>
>.
>

[Marina]

forms authentication and session state are not related.

youre forms authentication timeout specifies how long after a period of
inactivity should the user be taken back to the login page.

Session state just says how long to maintain session data for. If the
session timeout is shorter then the authentication timeout, the session data
will dissapear, but the user will still be authenticated, and thus not be
asked to relog in.

"geigho" <ighodaro@zeonchemicals.com> wrote in message
news:020901c34a33$38136ad0$a301280a@phx.gbl...

> I am using a form based login. It does not matter what
> value I set timeout to (e.g timeout="1", timeout="20",
> timeout="120", etc), the application always takes me back
> to the login form after approximately 20 minutes of not
> posting the page back to the server.
>
> <sessionState mode="InProc"
> stateConnectionString="tcpip=127.0.0.1:42424"
> sqlConnectionString="data source=127.0.0.1;user
> id=sa;password=" cookieless="true" timeout="1" />
>

> >-----Original Message-----
> >That would be the way to do it.
> >
> >What makes you think that it is not working?
> >
> >"Geigho" <ighodaro@zeonchemicals.com> wrote in message
> >news:0a7501c34a25$55ed5b50$a501280a@phx.gbl...

> >> Setting session timeout in web.config file does not

> seem

> >> to have any effect. Any explanation or suggestion will

> be

> >> appreciated.

> >
> >
> >.
> >

[geigho]

Thanks! But how do you set forms authentication timeout?
If I saved authentication flag in a session variable and
the session timed out, is the variable still available?
If not, then won't this cause the login page to be
redisplay since the authentication code (logic) cannot
read the value set in the session variable?

>-----Original Message-----
>forms authentication and session state are not related.
>
>youre forms authentication timeout specifies how long

after a period of

>inactivity should the user be taken back to the login

page.

>
>Session state just says how long to maintain session

data for. If the

>session timeout is shorter then the authentication

timeout, the session data

>will dissapear, but the user will still be

authenticated, and thus not be

>asked to relog in.
>
>"geigho" <ighodaro@zeonchemicals.com> wrote in message
>news:020901c34a33$38136ad0$a301280a@phx.gbl...

>> I am using a form based login. It does not matter what
>> value I set timeout to (e.g timeout="1", timeout="20",
>> timeout="120", etc), the application always takes me

back

>> to the login form after approximately 20 minutes of not
>> posting the page back to the server.
>>
>> <sessionState mode="InProc"
>> stateConnectionString="tcpip=127.0.0.1:42424"
>> sqlConnectionString="data source=127.0.0.1;user
>> id=sa;password=" cookieless="true" timeout="1" />
>>

>> >-----Original Message-----
>> >That would be the way to do it.
>> >
>> >What makes you think that it is not working?
>> >
>> >"Geigho" <ighodaro@zeonchemicals.com> wrote in message
>> >news:0a7501c34a25$55ed5b50$a501280a@phx.gbl...
>> >> Setting session timeout in web.config file does not

>> seem

>> >> to have any effect. Any explanation or suggestion

will

>> be

>> >> appreciated.
>> >
>> >
>> >.
>> >

>
>
>.
>

[Jeff Ptak]

You set this value in the constructor for the
FormsAuthenticationTicket as shown below. After your user
is authenticated, try something like the following:

FormsAuthenticationTicket tkt;
string CookieStr;
HttpCookie ck;

// Create new Auth Ticket. Last argument authentication
timeout expressed in seconds.

SessionTimeout = 30; //Timeout in minutes

tkt = new FormsAuthenticationTicket(txtUserName.Text,
false, SessionTimeout * 60);

// Encrypt ticket
CookieStr = FormsAuthentication.Encrypt(tkt);

// Create the cookie
ck = new HttpCookie(FormsAuthentication.FormsCookieName,
CookieStr);

//Add cookie to HTTP header
Response.Cookies.Add(ck);

// Redirect to the main page
Response.Redirect("Default.htm", true);

HTH.

J. Ptak

>-----Original Message-----
>Thanks! But how do you set forms authentication timeout?
>If I saved authentication flag in a session variable and
>the session timed out, is the variable still available?
>If not, then won't this cause the login page to be
>redisplay since the authentication code (logic) cannot
>read the value set in the session variable?
>

>>-----Original Message-----
>>forms authentication and session state are not related.
>>
>>youre forms authentication timeout specifies how long

>after a period of

>>inactivity should the user be taken back to the login

>page.

>>
>>Session state just says how long to maintain session

>data for. If the

>>session timeout is shorter then the authentication

>timeout, the session data

>>will dissapear, but the user will still be

>authenticated, and thus not be

>>asked to relog in.
>>
>>"geigho" <ighodaro@zeonchemicals.com> wrote in message
>>news:020901c34a33$38136ad0$a301280a@phx.gbl...

>>> I am using a form based login. It does not matter what
>>> value I set timeout to (e.g timeout="1", timeout="20",
>>> timeout="120", etc), the application always takes me

>back

>>> to the login form after approximately 20 minutes of not
>>> posting the page back to the server.
>>>
>>> <sessionState mode="InProc"
>>> stateConnectionString="tcpip=127.0.0.1:42424"
>>> sqlConnectionString="data source=127.0.0.1;user
>>> id=sa;password=" cookieless="true" timeout="1" />
>>>
>>> >-----Original Message-----
>>> >That would be the way to do it.
>>> >
>>> >What makes you think that it is not working?
>>> >
>>> >"Geigho" <ighodaro@zeonchemicals.com> wrote in message
>>> >news:0a7501c34a25$55ed5b50$a501280a@phx.gbl...
>>> >> Setting session timeout in web.config file does not
>>> seem
>>> >> to have any effect. Any explanation or suggestion

>will

>>> be
>>> >> appreciated.
>>> >
>>> >
>>> >.
>>> >

>>
>>
>>.
>>

>.
>

[geigho]

Thanks.

>-----Original Message-----
>You set this value in the constructor for the
>FormsAuthenticationTicket as shown below. After your

user

>is authenticated, try something like the following:
>
>FormsAuthenticationTicket tkt;
>string CookieStr;
>HttpCookie ck;
>
>// Create new Auth Ticket. Last argument authentication
>timeout expressed in seconds.
>
>SessionTimeout = 30; //Timeout in minutes
>
>tkt = new FormsAuthenticationTicket(txtUserName.Text,
>false, SessionTimeout * 60);
>
>// Encrypt ticket
>CookieStr = FormsAuthentication.Encrypt(tkt);
>
>// Create the cookie
>ck = new HttpCookie(FormsAuthentication.FormsCookieName,
>CookieStr);
>
>//Add cookie to HTTP header
>Response.Cookies.Add(ck);
>
>// Redirect to the main page
>Response.Redirect("Default.htm", true);
>
>HTH.
>
>J. Ptak
>

>>-----Original Message-----
>>Thanks! But how do you set forms authentication timeout?
>>If I saved authentication flag in a session variable

and

>>the session timed out, is the variable still available?
>>If not, then won't this cause the login page to be
>>redisplay since the authentication code (logic) cannot
>>read the value set in the session variable?
>>

>>>-----Original Message-----
>>>forms authentication and session state are not related.
>>>
>>>youre forms authentication timeout specifies how long

>>after a period of

>>>inactivity should the user be taken back to the login

>>page.

>>>
>>>Session state just says how long to maintain session

>>data for. If the

>>>session timeout is shorter then the authentication

>>timeout, the session data

>>>will dissapear, but the user will still be

>>authenticated, and thus not be

>>>asked to relog in.
>>>
>>>"geigho" <ighodaro@zeonchemicals.com> wrote in message
>>>news:020901c34a33$38136ad0$a301280a@phx.gbl.. .
>>>> I am using a form based login. It does not matter

what

>>>> value I set timeout to (e.g timeout="1",

timeout="20",

>>>> timeout="120", etc), the application always takes me

>>back

>>>> to the login form after approximately 20 minutes of

not

>>>> posting the page back to the server.
>>>>
>>>> <sessionState mode="InProc"
>>>> stateConnectionString="tcpip=127.0.0.1:42424"
>>>> sqlConnectionString="data source=127.0.0.1;user
>>>> id=sa;password=" cookieless="true" timeout="1" />
>>>>
>>>> >-----Original Message-----
>>>> >That would be the way to do it.
>>>> >
>>>> >What makes you think that it is not working?
>>>> >
>>>> >"Geigho" <ighodaro@zeonchemicals.com> wrote in

message

>>>> >news:0a7501c34a25$55ed5b50$a501280a@phx.gbl...
>>>> >> Setting session timeout in web.config file does

not

>>>> seem
>>>> >> to have any effect. Any explanation or suggestion

>>will

>>>> be
>>>> >> appreciated.
>>>> >
>>>> >
>>>> >.
>>>> >
>>>
>>>
>>>.
>>>

>>.
>>

>.
>