I have this code in my web.config:
<system.web>
<authentication mode="Windows" />
<sessionState timeout="300" />
</system.web>
Even though sessionstate timeout is 300. It just expires in 15-20 mins and session data is lost. My Application pool and everything has correct timeout set of 300 minutes. So I believe problem is with Windows authentication only. Secondly, if I just disable the Windows authentication and remove that line, it all works out fine (i.e my session data is preserved for long duration). What can be the problem?
Thanks in advance :)
Make sure the idle timeout isn't set on the app pool in IIS. The default for that setting is 20 minutes (which leads to confusion over whether the timeout was triggered by session timeout or idle timeout) and in most cases can be safely set to 0, which turns it off.
To check the idle timeout in IIS, go to Advanced Settings for the app pool.
The idle timeout is a sliding window based on activity for the app, so requests from any client will reset the window. If your app is lightly used, you'll hit the timeout frequently, causing your app pool to recycle. The impact to users is that any sessions that had been active will be lost, and users walking up to your app after it has been idle will have to wait for it to run all of its start up processes.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With