Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

windows authentication session timeout

I have this code in my web.config:

 <system.web>
    <authentication mode="Windows" />
        <sessionState timeout="300" />
  </system.web>

Even though sessionstate timeout is 300. It just expires in 15-20 mins and session data is lost. My Application pool and everything has correct timeout set of 300 minutes. So I believe problem is with Windows authentication only. Secondly, if I just disable the Windows authentication and remove that line, it all works out fine (i.e my session data is preserved for long duration). What can be the problem?

Thanks in advance :)

like image 481
Jaggu Avatar asked Aug 03 '11 07:08

Jaggu


1 Answers

Make sure the idle timeout isn't set on the app pool in IIS. The default for that setting is 20 minutes (which leads to confusion over whether the timeout was triggered by session timeout or idle timeout) and in most cases can be safely set to 0, which turns it off.

To check the idle timeout in IIS, go to Advanced Settings for the app pool.

The idle timeout is a sliding window based on activity for the app, so requests from any client will reset the window. If your app is lightly used, you'll hit the timeout frequently, causing your app pool to recycle. The impact to users is that any sessions that had been active will be lost, and users walking up to your app after it has been idle will have to wait for it to run all of its start up processes.

like image 61
Jon Crowell Avatar answered Oct 23 '22 14:10

Jon Crowell