Forms Authentication timing out when it shouldn't?

Question

I have a problem with an ASP.NET application that is driving me nuts.

When a user leaves a page inactive for a period of time the session was timing out and error were being thrown due to session variables not being resolvable (I will error trap this anyway but this is not the problem). I coded a 'defribulator' which will perform an invisible postback after half of the session timeout has expired and this seemed to work fine - leaving the application for 30 mins did not cause an error even though the session timeout was set for 20 mins. However, this morning one of the other Devs experienced a timeout - How is this possible?

On further investigation I think that the problem occurs when the Forms Authentication timeout is exceeded - even though the defribulator has been (apparently) keeping the session alive. I have read that the Authentication ticket will only be reissued if a postback occurs after half of the specified timeout period has elepsed and this can't the issue as the defrib will have issued requests during the second half of the timeout period - so why was it not reissued?

I suppose I could get around the problem by setting the authentication timeout to 8 hours or so but that is a poor fix.

Can anyone shed any light on this?

Thanks in advance

[Edit 24/11/2008] Reviewing the Log Files has proved enlightening and confusing. I can see the defribulator firing after 10 minutes of inactivity but while the Session_Id appears to be consitent throughout, the forms authentications ticket ID changes - not sure if it is supposed to or not. I'm formulating a test plan now and will post back when i have completed them. Thanks to everyone who have provided feedback so far.

[Edit 24/11/2008] Well I'm stumped - everthing seems to be working fine at the moment! The Authentication ticket is being regenerated when the defrib runs (the ID changes) and the session is being maintained. Was it a server issue - can't tell. I have experienced this problem before and never got to the bottom of it and it is very frustrating - surely it should not be this difficult. I'm going to have to let this drop for the timebeing as I have to get on with some other aspects of the application. I'll just have to code around this issue - which may never occur on the customer site.

Thanks again for everyones input - if I make any progress I will post it back here.

Answer 1

This may also happen when iis recycles or terminates the application pool.

You may want to check Troubleshoot Forms Authentication It could be that the client lost their cookie.

If you manually generate the authentication ticket, you need to set the timeout in code and not the web.config

Answer 2

Don't mean to state the obvious, but:

1. Are the Session and FormsAuthentication timeouts set to the same value?
2. Is slidingExpiration set to true?