Keeping Users Logged in

Whats the best way to keep users session active if they are using the application.


My app redirects users back to the login page if the user session is dropped. Tis us usually no browser activity after 20 mins.  The problem is that some users spend time typing a lot of text into textboxes and when they go to submit they get logged out because they have lost their session.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Russ SuterSenior Software DeveloperCommented:
The easiest thing to do would be to modify the web.config file and specify an unusually long timeout for the authentication.

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Signin.aspx" timeout="50000000" slidingExpiration="true" defaultUrl="~/Default.aspx" />

Open in new window

The timeout attribute specifies the number of minutes an authentication session remains active. Be aware, however that this does greatly reduce website security.
Daniel Van Der WerkenIndependent ConsultantCommented:
The items you need to worry about are the session timeout in the web.config and the application pool timeout as established at the IIS site level.

1. Modify or set the session timeout in the web.config. What Russ Suter says above may work in place of the web.config session timeout setting. Not sure myself.

2. Run the IIS configuration manager on the IIS server and open the application pool settings. There is a timeout value for the application pool. Make sure it matches what you have in the web.config.

I've successfully set a production site to 30 minutes in this fashion in my environment.
Should never ever increase session timeouts on the server!!!
Always handle something like this on the client side.

This link will give you many options.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
EdAuthor Commented:
good solution
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.