I have an ASP.net 3.5 visual basic web application that uses form authentication.
In the web.config file the following is scripted…
timeout ="60" slidingExpiration ="true" />
I query an SQL database and declare several session variables when the user logs on in the code behind of the Login page. This is the code declaring the session variables from data queried from the SQL Server connection…
Dim customReader As SqlDataReader = LoginSelCommand.ExecuteReader()
If customReader.Read() Then
Session("UserID") = (customReader("IDNum"))
Session("UserFName") = (customReader("FName"))
Session("UserLName") = (customReader("LName"))
Session("UserEmail") = (customReader("email"))
If Not customReader.HasRows Then
Me.InvalidCredentialsMessage.Visible = True
Here is the PROBLEM…
As you can see, I have the Session set to timeout at 60 minutes which works fine, however, the declared session variable always timeout at exactly 20 minutes. These declared session variables are critical to the Web app as they are used as criteria in gridviews and email communication.
When a user returns to the default login page, there are several lists in their queue that show that they have no further funtions to complete after 20 minutes has elapsed while the forms authentication is not timing out for another 40 minutes, so they are still active but being presented the wrong data.
Why would the formsAuthentic authentication mode timeout for the session work OK (60 min) and the Session variables I declare disappear after 20 minutes which if I am not mistaken is the derfault timeout clock value?
Am I missing a step in my session setup?
Very frustrated, Please Help!