How Can You Dynamically Set Session Timeout?

TimAttaway used Ask the Experts™
Our intranet site has a large number of users out in the field and a handful of users here in the office.  The web.config specifies a session timeout of 20 minutes, i.e.

<sessionState  timeout="20"/>

I would like to increase the the timeout to several hours for the people who are located within our office complex.  I am trying to do that by resetting the session timeout value when they log in.  I look up information about the user from our database and then attempt the following.

            Dim instance As System.Web.SessionState.HttpSessionState =  HttpContext.Current.Session

            If thisIsALocalUser Then

                instance.Timeout = 240


                 instance.Timeout = 20

                End If

            End If

I have some javascript code that displays the session time remaining at the top of the screen and it thinks that the remaining time is 240 minutes, but the session still times out after 20 minutes.  It appears that the timeout in the web.config wins out even though I attempted to override it for a given user.

Question 1 is what happened when I did the "instance.Timeout = 240"?

Question 2 is how can I reset the timeout value for select individuals?

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Try using

user.isinrole("SomeRolel") //Here You can place your code


Thanks, but my problem is not in deciding who should get what timeout.  The problem is that when I do the Session.Timeout = ?? it seems to have no effect.


I was just poking around some more and noticed that the IIS7 Application Pool also has an idle timeout of 20 minutes.  I'm not sure which one is causing the session to expire.  Is it the IIS timeout or the timeout in my web.config file?  How do the two interrelate?  And back to the original question, whichever one it is, how do I override it dynamically based on the user?
I seem to have figured it out for myself.  It is the IIS7 Application Pool Idle Time-Out setting that was kicking me out.  That needs to be set to the largest value that I would want to have for any of my users.  then in my own logon routine, I can see who the user is and set the Session.Timeout to anything less than or equal to the Application Pool Idle Time-Out setting and it seems to work.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial