Jeanette Durham
asked on
ASP.NET increasing session timeout
I have a Wizard control that I am emulating a CreateUserWizard so I can customize the steps/creation of the account. I've found a short coming in this because I place the user info (user name, password details) in step 1 of 6 of my wizard so by the time the user is to step 6 to create their account I can't access the text ouf of the password box.
What I've done is placed it in a session variable like so:
Session.Add("ptxt", Password.Text)
then when I am ready to make the account I read it back in:
Dim _password$ = Session("ptxt").ToString()
My wizard is somewhat lengthy so the session is timing out from step to step 6. I've added this in my web.config:
<sessionState timeout="540"/>
doesn't seem to do anything. From what I understand that should be 9 hours.
so I also editted it in IIS7 which had set it to a default of 20 minutes to 10 hours. That doesn't seem to work either.
Is there somewhere else I should be altering this? Another way to store the password would be ok and preferrable actually. Any thoughts or idea would be much appreciatiated and thanks as always experts!!
What I've done is placed it in a session variable like so:
Session.Add("ptxt", Password.Text)
then when I am ready to make the account I read it back in:
Dim _password$ = Session("ptxt").ToString()
My wizard is somewhat lengthy so the session is timing out from step to step 6. I've added this in my web.config:
<sessionState timeout="540"/>
doesn't seem to do anything. From what I understand that should be 9 hours.
so I also editted it in IIS7 which had set it to a default of 20 minutes to 10 hours. That doesn't seem to work either.
Is there somewhere else I should be altering this? Another way to store the password would be ok and preferrable actually. Any thoughts or idea would be much appreciatiated and thanks as always experts!!
post the web config... make sure it is not commented...
http://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate.timeout.aspx
a sample web.config below
http://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate.timeout.aspx
a sample web.config below
<configuration>
<system.web>
<sessionState
mode="InProc"
cookieless="true"
timeout="30" />
</system.web>
</configuration>
ASKER
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Fra mework\v2. x\Config
-->
<configuration>
<configSections>
<sectionGroup name="system.web.extension s" type="System.Web.Configura tion.Syste mWebExtens ionsSectio nGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35">
<sectionGroup name="scripting" type="System.Web.Configura tion.Scrip tingSectio nGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35">
<section name="scriptResourceHandle r" type="System.Web.Configura tion.Scrip tingScript ResourceHa ndlerSecti on, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35" requirePermission="false" allowDefinition="MachineTo Applicatio n"/>
<sectionGroup name="webServices" type="System.Web.Configura tion.Scrip tingWebSer vicesSecti onGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35">
<section name="jsonSerialization" type="System.Web.Configura tion.Scrip tingJsonSe rializatio nSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35" requirePermission="false" allowDefinition="Everywher e"/>
<section name="profileService" type="System.Web.Configura tion.Scrip tingProfil eServiceSe ction, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35" requirePermission="false" allowDefinition="MachineTo Applicatio n"/>
<section name="authenticationServic e" type="System.Web.Configura tion.Scrip tingAuthen ticationSe rviceSecti on, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35" requirePermission="false" allowDefinition="MachineTo Applicatio n"/>
<section name="roleService" type="System.Web.Configura tion.Scrip tingRoleSe rviceSecti on, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35" requirePermission="false" allowDefinition="MachineTo Applicatio n"/>
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>
<appSettings>
</appSettings>
<connectionStrings>
<remove name="LocalSQLServer" />
<add name="LocalSQLServer" connectionString="Data Source=constr\constr;Initi al Catalog=GiveAwayUSA;Integr ated Security=True"
providerName="System.Data. SqlClient" />
</connectionStrings>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
Visual Basic options:
Set strict="true" to disallow all data type conversions
where data loss can occur.
Set explicit="true" to force declaration of all variables.
-->
<roleManager enabled="true"/>
<compilation debug="true" strict="false" explicit="true">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C56193 4E089"/>
<add assembly="System.Web.Exten sions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35"/>
<add assembly="System.Data.Data SetExtensi ons, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C56193 4E089"/>
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C56193 4E089"/>
<add assembly="System.Data.Linq , Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C56193 4E089"/>
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D 50A3A"/>
<add assembly="System.Web.Exten sions.Desi gn, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35"/>
<add assembly="System.Windows.F orms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C56193 4E089"/>
</assemblies>
</compilation>
<machineKey
validationKey="5E7486818AA 7B65480546 FBBD628A98 CC9DBB9166 A0D590EA4B 94981E606B 22D851CDEA 6F8EBC675F 822D6E3D73 8B4222F8F6 E436244F2C 5FD596E4B2 752A043"
decryptionKey="8D59187848C FFBD96BBCF 42D94CF05C 0D12C9CCF1 101B0BD56E 7419EA3197 B89"
validation="SHA1" decryption="AES"
/>
<pages validateRequest="false" enableEventValidation="fal se"
viewStateEncryptionMode="N ever" >
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collecti ons"/>
<add namespace="System.Collecti ons.Generi c"/>
<add namespace="System.Collecti ons.Specia lized"/>
<add namespace="System.Configur ation"/>
<add namespace="System.Text"/>
<add namespace="System.Text.Reg ularExpres sions"/>
<add namespace="System.Linq"/>
<add namespace="System.Xml.Linq "/>
<add namespace="System.Web"/>
<add namespace="System.Web.Cach ing"/>
<add namespace="System.Web.Sess ionState"/ >
<add namespace="System.Web.Secu rity"/>
<add namespace="System.Web.Prof ile"/>
<add namespace="System.Web.UI"/ >
<add namespace="System.Web.UI.W ebControls "/>
<add namespace="System.Web.UI.W ebControls .WebParts" />
<add namespace="System.Web.UI.H tmlControl s"/>
</namespaces>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Exten sions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35"/>
<add namespace="AjaxControlTool kit" assembly="AjaxControlToolk it" tagPrefix="ajaxToolkit"/>
<add tagPrefix="asp" namespace="System.Web.UI.W ebControls " assembly="System.Web.Exten sions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35"/>
</controls>
</pages>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms"/>
<membership>
<providers>
<clear/>
<remove name="AspNetSqlMembershipP rovider">< /remove>
<add name="AspNetSqlMembershipP rovider"
type="System.Web.Security. SqlMembers hipProvide r, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d 50a3a"
connectionStringName="Loca lSqlServer "
enablePasswordRetrieval="f alse"
enablePasswordReset="true"
requiresQuestionAndAnswer= "true"
requiresUniqueEmail="false "
passwordFormat="Hashed"
maxInvalidPasswordAttempts ="5"
minRequiredPasswordLength= "7"
minRequiredNonalphanumeric Characters ="0"
passwordAttemptWindow="10"
passwordStrengthRegularExp ression=""
applicationName="/"
/>
</providers>
</membership>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
-->
<customErrors mode="Off">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm " />
</customErrors>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Se rvices.Scr iptHandler Factory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35"/>
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Se rvices.Scr iptHandler Factory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers. ScriptReso urceHandle r, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers. ScriptModu le, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35"/>
</httpModules>
<sessionState timeout="540"/>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSh arpCodePro vider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c56193 4e089">
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
<compiler language="vb;vbs;visualbas ic;vbscrip t" extension=".vb" warningLevel="4" type="Microsoft.VisualBasi c.VBCodePr ovider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c56193 4e089">
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="OptionInfer" value="true"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
</compilers>
</system.codedom>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.webServer>
<validation validateIntegratedModeConf iguration= "false"/>
<modules>
<remove name="ScriptModule"/>
<add name="ScriptModule" preCondition="managedHandl er" type="System.Web.Handlers. ScriptModu le, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35"/>
</modules>
<handlers>
<remove name="WebServiceHandlerFac tory-Integ rated"/>
<remove name="ScriptHandlerFactory "/>
<remove name="ScriptHandlerFactory AppService s"/>
<remove name="ScriptResource"/>
<add name="ScriptHandlerFactory " verb="*" path="*.asmx" preCondition="integratedMo de" type="System.Web.Script.Se rvices.Scr iptHandler Factory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35"/>
<add name="ScriptHandlerFactory AppService s" verb="*" path="*_AppService.axd" preCondition="integratedMo de" type="System.Web.Script.Se rvices.Scr iptHandler Factory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35"/>
<add name="ScriptResource" preCondition="integratedMo de" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers. ScriptReso urceHandle r, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3 64E35"/>
</handlers>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microso ft-com:asm .v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Extension s" publicKeyToken="31bf3856ad 364e35"/>
<bindingRedirect oldVersion="1.0.0.0-1.1.0. 0" newVersion="3.5.0.0"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extension s.Design" publicKeyToken="31bf3856ad 364e35"/>
<bindingRedirect oldVersion="1.0.0.0-1.1.0. 0" newVersion="3.5.0.0"/>
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Fra
-->
<configuration>
<configSections>
<sectionGroup name="system.web.extension
<sectionGroup name="scripting" type="System.Web.Configura
<section name="scriptResourceHandle
<sectionGroup name="webServices" type="System.Web.Configura
<section name="jsonSerialization" type="System.Web.Configura
<section name="profileService" type="System.Web.Configura
<section name="authenticationServic
<section name="roleService" type="System.Web.Configura
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>
<appSettings>
</appSettings>
<connectionStrings>
<remove name="LocalSQLServer" />
<add name="LocalSQLServer" connectionString="Data Source=constr\constr;Initi
providerName="System.Data.
</connectionStrings>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
Visual Basic options:
Set strict="true" to disallow all data type conversions
where data loss can occur.
Set explicit="true" to force declaration of all variables.
-->
<roleManager enabled="true"/>
<compilation debug="true" strict="false" explicit="true">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C56193
<add assembly="System.Web.Exten
<add assembly="System.Data.Data
<add assembly="System.Xml.Linq,
<add assembly="System.Data.Linq
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D
<add assembly="System.Web.Exten
<add assembly="System.Windows.F
</assemblies>
</compilation>
<machineKey
validationKey="5E7486818AA
decryptionKey="8D59187848C
validation="SHA1" decryption="AES"
/>
<pages validateRequest="false" enableEventValidation="fal
viewStateEncryptionMode="N
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collecti
<add namespace="System.Collecti
<add namespace="System.Collecti
<add namespace="System.Configur
<add namespace="System.Text"/>
<add namespace="System.Text.Reg
<add namespace="System.Linq"/>
<add namespace="System.Xml.Linq
<add namespace="System.Web"/>
<add namespace="System.Web.Cach
<add namespace="System.Web.Sess
<add namespace="System.Web.Secu
<add namespace="System.Web.Prof
<add namespace="System.Web.UI"/
<add namespace="System.Web.UI.W
<add namespace="System.Web.UI.W
<add namespace="System.Web.UI.H
</namespaces>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Exten
<add namespace="AjaxControlTool
<add tagPrefix="asp" namespace="System.Web.UI.W
</controls>
</pages>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms"/>
<membership>
<providers>
<clear/>
<remove name="AspNetSqlMembershipP
<add name="AspNetSqlMembershipP
type="System.Web.Security.
connectionStringName="Loca
enablePasswordRetrieval="f
enablePasswordReset="true"
requiresQuestionAndAnswer=
requiresUniqueEmail="false
passwordFormat="Hashed"
maxInvalidPasswordAttempts
minRequiredPasswordLength=
minRequiredNonalphanumeric
passwordAttemptWindow="10"
passwordStrengthRegularExp
applicationName="/"
/>
</providers>
</membership>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
-->
<customErrors mode="Off">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm
</customErrors>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Se
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Se
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.
</httpModules>
<sessionState timeout="540"/>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSh
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
<compiler language="vb;vbs;visualbas
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="OptionInfer" value="true"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
</compilers>
</system.codedom>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.webServer>
<validation validateIntegratedModeConf
<modules>
<remove name="ScriptModule"/>
<add name="ScriptModule" preCondition="managedHandl
</modules>
<handlers>
<remove name="WebServiceHandlerFac
<remove name="ScriptHandlerFactory
<remove name="ScriptHandlerFactory
<remove name="ScriptResource"/>
<add name="ScriptHandlerFactory
<add name="ScriptHandlerFactory
<add name="ScriptResource" preCondition="integratedMo
</handlers>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microso
<dependentAssembly>
<assemblyIdentity name="System.Web.Extension
<bindingRedirect oldVersion="1.0.0.0-1.1.0.
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extension
<bindingRedirect oldVersion="1.0.0.0-1.1.0.
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
ASKER
i dont have inproc and cookieless could that make a difference?
ASKER
i think that might have fixed it, i'll let you guys know
ASKER
well now that i set in proc I am getting this stuff in my url
http://www.site.com/(S(tk5fafyjubpv41ff25mbvc45))/Default.aspx?aID=85202...
is that something session related it is showing?
http://www.site.com/(S(tk5fafyjubpv41ff25mbvc45))/Default.aspx?aID=85202...
is that something session related it is showing?
that one comes from cookiless=true :) remove that line
ASKER
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceExcept ion: Object reference not set to an instance of an object.
still not working, let the page time out for about ~20 minutes and i still got the error that the session variable is gone
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceExcept
still not working, let the page time out for about ~20 minutes and i still got the error that the session variable is gone
ASKER
Ali, thanks for the deleted response :). But I have a question, I'm getting this error trying to set the window status text.
Error 22 'KeepSessionAlive.WindowSt atusText' is not accessible in this context because it is 'Private'. C:\work\GiveAwayUSA\KeepSe ssionAlive .aspx 1 1 C:\work\GiveAwayUSA\
Error 22 'KeepSessionAlive.WindowSt
ASKER
oh nevermind, just didnt declare properly... too early in the morning i'll let you know if that worked.
ASKER
Well,
Ultimately Ali's answer that was removed was the answer to my problem. The KeepSessionAlive.aspx worked perfectly and resolved this issue. He deserves credit, if maybe he can repost the link to his reference I'd love to assign him the points!
Thanks again for all your help experts.
Ultimately Ali's answer that was removed was the answer to my problem. The KeepSessionAlive.aspx worked perfectly and resolved this issue. He deserves credit, if maybe he can repost the link to his reference I'd love to assign him the points!
Thanks again for all your help experts.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The other thing to consider is if you are behind a load balancer because a user may be redirected to a different server than they started on and this can be adjusted by increasing the timeout as well.
The other option to look in to is to shorten the wizard steps of create an AJAX timer that simply posts to the server to keep the session alive.