Windows Auth Problem

[Tom Smit]

We're having a problem where our application is timing out
after 60 minutes no matter what type of activity is
occuring. A user can be in the middle of a server call
and it will timeout after 60 minutes. This only occurs
with Windows authentication and not forms based.

We have the following in the web.config:

<authentication mode="Windows">
<forms loginUrl="Login.aspx" name="RiskLogin"
timeout="120" path="/">
</forms>
</authentication>

<sessionState mode="StateServer"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user
id=sa;password=" cookieless="false" timeout="120" />


Where is this 60 minute timeout coming from? Am i missing
something?

[Andrew]

Tom,

Here is a snippet from the machine.config file:

<authentication mode="Windows">
<!--
forms Attributes:
name="[cookie name]" - Name of the cookie used for Forms
Authentication
loginUrl="[url]" - Url to redirect client to for Authentication
protection="[All|None|Encryption|Validation]" - Protection mode for
data in cookie
timeout="[minutes]" - Duration of time for cookie to be valid (reset
on each request)
path="/" - Sets the path for the cookie
requireSSL="[true|false]" - Should the forms-authentication cookie
be sent only over SSL
slidingExpiration="[true|false]" - Should the
forms-authentication-cookie and ticket be re-issued if they are about to
expire
-->
<forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All"
timeout="30" path="/" requireSSL="false" slidingExpiration="true"></forms>
</authentication>

I am not entirely positive about this, but you may try adding the
"slidingExpiration" attribute to your web.config file. It is supposed to
reissue the authentication cookie every time a request is sent to the
server...at least the way I understand what I read in the documentation.
You can set the "timeout" period to whatever you like, but the sliding
expiration keeps the session alive as long as someone is actively using it.
I think this is so you can have short timeout periods but not worry too much
about loosing your users.

Give it a shot, but I thought if nothing else it was woth a try. :)

-- Andrew




"Tom Smit" <tsmit@nospam.com> wrote in message
news:%2353V0dMHEHA.3700@TK2MSFTNGP09.phx.gbl...

> We're having a problem where our application is timing out
> after 60 minutes no matter what type of activity is
> occuring. A user can be in the middle of a server call
> and it will timeout after 60 minutes. This only occurs
> with Windows authentication and not forms based.
>
> We have the following in the web.config:
>
> <authentication mode="Windows">
> <forms loginUrl="Login.aspx" name="RiskLogin"
> timeout="120" path="/">
> </forms>
> </authentication>
>
> <sessionState mode="StateServer"
> stateConnectionString="tcpip=127.0.0.1:42424"
> sqlConnectionString="data source=127.0.0.1;user
> id=sa;password=" cookieless="false" timeout="120" />
>
>
> Where is this 60 minute timeout coming from? Am i missing
> something?
>
>