ASP.NET Session TimeOut problem

Question

I have a wired scenario in one of my ASP.net application.

I am using ASP.net membership with my custom "roleManager",

and having below tag in web.config to restrict any user not having role of "Keywords"(roles) to access "Keywords"(path) folder

<location path="Keywords">

<system.web>

<authorization>

<allow roles="Keywords"/>

<deny users="*" />

</authorization>

</system.web>

</location>

If any user with some other role allow to assess this URL (Keywords in this case) will be redirected to a custom- Access denied page.

Now things working fine but when I left my application with a inactivity of 30 min I am not able to visit the "Keywords", all the time I end up with the custom- Access denied page, if I close the browser, login again it start working fine.

Please help me in this case.

Thanks in advance

Answer 1

ASP.NET sessions time out after 20 minutes by default, I think.

You can extend this by specifying a longer time (in minutes) in the Web.config:

<system.web>
    <sessionState timeout="60"/>
    ...
</system.web>

If you are authenticating via Forms, you should raise the authentication cookie timeout value to match.

Also bear in mind that, when running the site under IIS, you should probably extend the application pool's idle timout to something similar. If you don't do this, the HttpApplication instance for your ASP.NET site will be unloaded, destroying any active sessions in the process.