Sitecore 7.5 MVC and HttpContext.Session.Timeout set to 1 min

Question

I have the session timeout set to 20min but when I try to access this value from action I'm getting 1min instead.

Web.Config settings are:

<sessionState mode="InProc" cookieless="false" timeout="20">

<authentication mode="None">
  <forms name=".ASPXAUTH" cookieless="UseCookies" timeout="20" />
</authentication>

In Global.asax.cs in Session_Start value of timeout is 20min:

HttpContext.Current.Session.Timeout

But in action in my controller is set to 1min:

System.Web.HttpContext.Current.Session.Timeout 
HttpContext.Session.Timeout

I've found that when I remove SitecoreHttpModule which is of type (Sitecore.Nexus.Web.HttpModule,Sitecore.Nexus) from web.config the timeout works fine but I dont think I can remove it permanently.

 <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="WebDAVModule"/>
      <add type="Sitecore.Web.RewriteModule, Sitecore.Kernel" name="SitecoreRewriteModule"/>
      <!-- !!!REMOVED MODULE!!! <add type="Sitecore.Nexus.Web.HttpModule,Sitecore.Nexus" name="SitecoreHttpModule"/> -->
      <add type="Sitecore.Resources.Media.UploadWatcher, Sitecore.Kernel" name="SitecoreUploadWatcher"/>
      <add type="Sitecore.IO.XslWatcher, Sitecore.Kernel" name="SitecoreXslWatcher"/>
      <add type="Sitecore.IO.LayoutWatcher, Sitecore.Kernel" name="SitecoreLayoutWatcher"/>
      <add type="Sitecore.Configuration.ConfigWatcher, Sitecore.Kernel" name="SitecoreConfigWatcher"/>
      ...
    </modules>
</system.webServer>

Is there any place I can configure this timeout for this module or there is any other way to set session timeout to desired value?

Answer 1

Every first request for a new user is considered as a possible bot request. That's why session timeout is set to 1 minute for those requests.

If the request is executed by the proper end user, there should be VisitorIdentification code on your page which in fact will cause another background call to the server and extend the session for the user.

Just add

@using Sitecore.Mvc.Analytics.Extensions
...
@Html.Sitecore().VisitorIdentification()

to your layout .cshtml file.

Timeout will be set to 1 minute for the first request, but then automatically changed back to 20 (or whatever is configured), when Sitecore does the VisitorIdentification call.

Answer 2

The problem is in robots detection in Sitecore Analytics module. My browser is recognized as a bot and there are some settings about that in Sitecore.Analytics.Tracking.config file:

 <!--  ANALYTICS ROBOTS SESSION TIMEOUT
        The ASP.NET Session Timeout for auto detected robots. 
        When the automatic robot detection identifies a session as being a robot, the ASP.NET
        Session Timeout is set to this value (in minutes).
        Default: 1
  -->
  <setting name="Analytics.Robots.SessionTimeout" value="1" />

The timeout is set to 1min when bot is detected to save some mememory and not to keep session too long.

The timeout will be set to desired 20min value when I either disable Analytics at all or disable Analytics.AutoDetectBots (in Sitecore.Analytics.Tracking.config file).

The proper solution for this is to clasify browser correctly (not as a bot).

Another post on this issue:

Sitecore Analytics Robots SessionTimeout causing premature session timeout