Here is a snippet from the machine.config file:
name="[cookie name]" - Name of the cookie used for Forms
loginUrl="[url]" - Url to redirect client to for Authentication
protection="[All|None|Encryption|Validation]" - Protection mode for
data in cookie
timeout="[minutes]" - Duration of time for cookie to be valid (reset
on each request)
path="/" - Sets the path for the cookie
requireSSL="[true|false]" - Should the forms-authentication cookie
be sent only over SSL
slidingExpiration="[true|false]" - Should the
forms-authentication-cookie and ticket be re-issued if they are about to
<forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All"
timeout="30" path="/" requireSSL="false" slidingExpiration="true"></forms>
I am not entirely positive about this, but you may try adding the
"slidingExpiration" attribute to your web.config file. It is supposed to
reissue the authentication cookie every time a request is sent to the
server...at least the way I understand what I read in the doentation.
You can set the "timeout" period to whatever you like, but the sliding
expiration keeps the session alive as long as someone is actively using it.
I think this is so you can have short timeout periods but not worry too much
about loosing your users.
Give it a shot, but I thought if nothing else it was woth a try. :)
"Tom Smit" <tsmitnospam.com> wrote in message
news:%2353V0dMHEHA.3700TK2MSFTNGP09.phx.gbl...> We're having a problem where our application is timing out
> after 60 minutes no matter what type of activity is
> occuring. A user can be in the middle of a server call
> and it will timeout after 60 minutes. This only occurs
> with Windows authentication and not forms based.
> We have the following in the web.config:
> <authentication mode="Windows">
> <forms loginUrl="Login.aspx" name="RiskLogin"
> timeout="120" path="/">
> <sessionState mode="StateServer"
> sqlConnectionString="data source=127.0.0.1;user
> id=sa;password=" cookieless="false" timeout="120" />
> Where is this 60 minute timeout coming from? Am i missing