ASP.NET increasing session timeout
I have a Wizard control that I am emulating a CreateUserWizard so I can customize the steps/creation of the account. I've found a short coming in this because I place the user info (user name, password details) in step 1 of 6 of my wizard so by the time the user is to step 6 to create their account I can't access the text ouf of the password box.
What I've done is placed it in a session variable like so:
Session.Add("ptxt", Password.Text)
then when I am ready to make the account I read it back in:
Dim _password$ = Session("ptxt").ToString()
My wizard is somewhat lengthy so the session is timing out from step to step 6. I've added this in my web.config:
<sessionState timeout="540"/>
doesn't seem to do anything. From what I understand that should be 9 hours.
so I also editted it in IIS7 which had set it to a default of 20 minutes to 10 hours. That doesn't seem to work either.
Is there somewhere else I should be altering this? Another way to store the password would be ok and preferrable actually. Any thoughts or idea would be much appreciatiated and thanks as always experts!!
What I've done is placed it in a session variable like so:
Session.Add("ptxt", Password.Text)
then when I am ready to make the account I read it back in:
Dim _password$ = Session("ptxt").ToString()
My wizard is somewhat lengthy so the session is timing out from step to step 6. I've added this in my web.config:
<sessionState timeout="540"/>
doesn't seem to do anything. From what I understand that should be 9 hours.
so I also editted it in IIS7 which had set it to a default of 20 minutes to 10 hours. That doesn't seem to work either.
Is there somewhere else I should be altering this? Another way to store the password would be ok and preferrable actually. Any thoughts or idea would be much appreciatiated and thanks as always experts!!
post the web config... make sure it is not commented...
http://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate.timeout.aspx
a sample web.config below
http://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate.timeout.aspx
a sample web.config below
<configuration>
<system.web>
<sessionState
mode="InProc"
cookieless="true"
timeout="30" />
</system.web>
</configuration>ASKER
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Fra
-->
<configuration>
<configSections>
<sectionGroup name="system.web.extension
<sectionGroup name="scripting" type="System.Web.Configura
<section name="scriptResourceHandle
<sectionGroup name="webServices" type="System.Web.Configura
<section name="jsonSerialization" type="System.Web.Configura
<section name="profileService" type="System.Web.Configura
<section name="authenticationServic
<section name="roleService" type="System.Web.Configura
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>
<appSettings>
</appSettings>
<connectionStrings>
<remove name="LocalSQLServer" />
<add name="LocalSQLServer" connectionString="Data Source=constr\constr;Initi
providerName="System.Data.
</connectionStrings>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
Visual Basic options:
Set strict="true" to disallow all data type conversions
where data loss can occur.
Set explicit="true" to force declaration of all variables.
-->
<roleManager enabled="true"/>
<compilation debug="true" strict="false" explicit="true">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C56193
<add assembly="System.Web.Exten
<add assembly="System.Data.Data
<add assembly="System.Xml.Linq,
<add assembly="System.Data.Linq
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D
<add assembly="System.Web.Exten
<add assembly="System.Windows.F
</assemblies>
</compilation>
<machineKey
validationKey="5E7486818AA
decryptionKey="8D59187848C
validation="SHA1" decryption="AES"
/>
<pages validateRequest="false" enableEventValidation="fal
viewStateEncryptionMode="N
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collecti
<add namespace="System.Collecti
<add namespace="System.Collecti
<add namespace="System.Configur
<add namespace="System.Text"/>
<add namespace="System.Text.Reg
<add namespace="System.Linq"/>
<add namespace="System.Xml.Linq
<add namespace="System.Web"/>
<add namespace="System.Web.Cach
<add namespace="System.Web.Sess
<add namespace="System.Web.Secu
<add namespace="System.Web.Prof
<add namespace="System.Web.UI"/
<add namespace="System.Web.UI.W
<add namespace="System.Web.UI.W
<add namespace="System.Web.UI.H
</namespaces>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Exten
<add namespace="AjaxControlTool
<add tagPrefix="asp" namespace="System.Web.UI.W
</controls>
</pages>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms"/>
<membership>
<providers>
<clear/>
<remove name="AspNetSqlMembershipP
<add name="AspNetSqlMembershipP
type="System.Web.Security.
connectionStringName="Loca
enablePasswordRetrieval="f
enablePasswordReset="true"
requiresQuestionAndAnswer=
requiresUniqueEmail="false
passwordFormat="Hashed"
maxInvalidPasswordAttempts
minRequiredPasswordLength=
minRequiredNonalphanumeric
passwordAttemptWindow="10"
passwordStrengthRegularExp
applicationName="/"
/>
</providers>
</membership>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
-->
<customErrors mode="Off">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm
</customErrors>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Se
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Se
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.
</httpModules>
<sessionState timeout="540"/>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSh
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
<compiler language="vb;vbs;visualbas
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="OptionInfer" value="true"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
</compilers>
</system.codedom>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.webServer>
<validation validateIntegratedModeConf
<modules>
<remove name="ScriptModule"/>
<add name="ScriptModule" preCondition="managedHandl
</modules>
<handlers>
<remove name="WebServiceHandlerFac
<remove name="ScriptHandlerFactory
<remove name="ScriptHandlerFactory
<remove name="ScriptResource"/>
<add name="ScriptHandlerFactory
<add name="ScriptHandlerFactory
<add name="ScriptResource" preCondition="integratedMo
</handlers>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microso
<dependentAssembly>
<assemblyIdentity name="System.Web.Extension
<bindingRedirect oldVersion="1.0.0.0-1.1.0.
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extension
<bindingRedirect oldVersion="1.0.0.0-1.1.0.
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Fra
-->
<configuration>
<configSections>
<sectionGroup name="system.web.extension
<sectionGroup name="scripting" type="System.Web.Configura
<section name="scriptResourceHandle
<sectionGroup name="webServices" type="System.Web.Configura
<section name="jsonSerialization" type="System.Web.Configura
<section name="profileService" type="System.Web.Configura
<section name="authenticationServic
<section name="roleService" type="System.Web.Configura
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>
<appSettings>
</appSettings>
<connectionStrings>
<remove name="LocalSQLServer" />
<add name="LocalSQLServer" connectionString="Data Source=constr\constr;Initi
providerName="System.Data.
</connectionStrings>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
Visual Basic options:
Set strict="true" to disallow all data type conversions
where data loss can occur.
Set explicit="true" to force declaration of all variables.
-->
<roleManager enabled="true"/>
<compilation debug="true" strict="false" explicit="true">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C56193
<add assembly="System.Web.Exten
<add assembly="System.Data.Data
<add assembly="System.Xml.Linq,
<add assembly="System.Data.Linq
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D
<add assembly="System.Web.Exten
<add assembly="System.Windows.F
</assemblies>
</compilation>
<machineKey
validationKey="5E7486818AA
decryptionKey="8D59187848C
validation="SHA1" decryption="AES"
/>
<pages validateRequest="false" enableEventValidation="fal
viewStateEncryptionMode="N
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collecti
<add namespace="System.Collecti
<add namespace="System.Collecti
<add namespace="System.Configur
<add namespace="System.Text"/>
<add namespace="System.Text.Reg
<add namespace="System.Linq"/>
<add namespace="System.Xml.Linq
<add namespace="System.Web"/>
<add namespace="System.Web.Cach
<add namespace="System.Web.Sess
<add namespace="System.Web.Secu
<add namespace="System.Web.Prof
<add namespace="System.Web.UI"/
<add namespace="System.Web.UI.W
<add namespace="System.Web.UI.W
<add namespace="System.Web.UI.H
</namespaces>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Exten
<add namespace="AjaxControlTool
<add tagPrefix="asp" namespace="System.Web.UI.W
</controls>
</pages>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms"/>
<membership>
<providers>
<clear/>
<remove name="AspNetSqlMembershipP
<add name="AspNetSqlMembershipP
type="System.Web.Security.
connectionStringName="Loca
enablePasswordRetrieval="f
enablePasswordReset="true"
requiresQuestionAndAnswer=
requiresUniqueEmail="false
passwordFormat="Hashed"
maxInvalidPasswordAttempts
minRequiredPasswordLength=
minRequiredNonalphanumeric
passwordAttemptWindow="10"
passwordStrengthRegularExp
applicationName="/"
/>
</providers>
</membership>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
-->
<customErrors mode="Off">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm
</customErrors>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Se
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Se
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.
</httpModules>
<sessionState timeout="540"/>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSh
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
<compiler language="vb;vbs;visualbas
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="OptionInfer" value="true"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
</compilers>
</system.codedom>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.webServer>
<validation validateIntegratedModeConf
<modules>
<remove name="ScriptModule"/>
<add name="ScriptModule" preCondition="managedHandl
</modules>
<handlers>
<remove name="WebServiceHandlerFac
<remove name="ScriptHandlerFactory
<remove name="ScriptHandlerFactory
<remove name="ScriptResource"/>
<add name="ScriptHandlerFactory
<add name="ScriptHandlerFactory
<add name="ScriptResource" preCondition="integratedMo
</handlers>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microso
<dependentAssembly>
<assemblyIdentity name="System.Web.Extension
<bindingRedirect oldVersion="1.0.0.0-1.1.0.
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extension
<bindingRedirect oldVersion="1.0.0.0-1.1.0.
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
ASKER
i dont have inproc and cookieless could that make a difference?
ASKER
i think that might have fixed it, i'll let you guys know
ASKER
well now that i set in proc I am getting this stuff in my url
http://www.site.com/(S(tk5fafyjubpv41ff25mbvc45))/Default.aspx?aID=85202...
is that something session related it is showing?
http://www.site.com/(S(tk5fafyjubpv41ff25mbvc45))/Default.aspx?aID=85202...
is that something session related it is showing?
that one comes from cookiless=true :) remove that line
ASKER
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceExcept
still not working, let the page time out for about ~20 minutes and i still got the error that the session variable is gone
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceExcept
still not working, let the page time out for about ~20 minutes and i still got the error that the session variable is gone
ASKER
Ali, thanks for the deleted response :). But I have a question, I'm getting this error trying to set the window status text.
Error 22 'KeepSessionAlive.WindowSt
Error 22 'KeepSessionAlive.WindowSt
ASKER
oh nevermind, just didnt declare properly... too early in the morning i'll let you know if that worked.
ASKER
Well,
Ultimately Ali's answer that was removed was the answer to my problem. The KeepSessionAlive.aspx worked perfectly and resolved this issue. He deserves credit, if maybe he can repost the link to his reference I'd love to assign him the points!
Thanks again for all your help experts.
Ultimately Ali's answer that was removed was the answer to my problem. The KeepSessionAlive.aspx worked perfectly and resolved this issue. He deserves credit, if maybe he can repost the link to his reference I'd love to assign him the points!
Thanks again for all your help experts.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The other thing to consider is if you are behind a load balancer because a user may be redirected to a different server than they started on and this can be adjusted by increasing the timeout as well.
The other option to look in to is to shorten the wizard steps of create an AJAX timer that simply posts to the server to keep the session alive.