Link to home
Create AccountLog in
Avatar of Larry Brister
Larry BristerFlag for United States of America

asked on

IIS and ASP.Net Web Site Session Timeout

I have an ASP.NET Website...vb code.
Uses a Bootstrap.Master Page

The web config has    
 <sessionState mode="InProc" timeout="15" />
The IIS SessionState screen looks like the shot below...

And yet the user is never booted off at the 15 minute point

What else can I add?

User generated image

Avatar of Bembi
Bembi
Flag of Germany image

A timeout is defined as "idle". So the session is closed, when it is idle for more than 15 minutes.
But if the users continues to click, a new session is created.

What is your intention to do? What should happen?  

Avatar of Larry Brister

ASKER

Bembi
If the user is on his computer
Has the web site open to any page
Walks away for 16 minutes
The site should end the session
And when they click... it redirects to Login.aspx
There is an older question addrfessing the same question with some links inside:

https://www.experts-exchange.com/questions/27041535/How-to-force-user-to-re-login-after-my-session-variable-expires-in-ASP-Net.html


<system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx"
           timeout="15"
           protection="none"
           cookieless="false" />
  </authentication>
</system.web>
 
Hey Bembi
I have this already...  <forms name="admin" loginUrl="login.aspx" protection="All" path="/" timeout="15"/>
What is the difference on the protection = none?
protection is the encryption of the cookie.
Default = all

Should not make a difference...(I mean according to the question)
What happens after the login, do you serve aspx files or html?
If you serve html, you may change the associating extensions (i.e htm, html) to aspnet_isapi.dll 
ASKER CERTIFIED SOLUTION
Avatar of Dustin Saunders
Dustin Saunders
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Bembi
It is a CRM System each aspx page using vb code behind to data from MS SQL Server
Dustin Saunders 
Seems to me with your code
I could place that in the BootStrap.Master Page
And on time limit
Redirect to a page...
That kills the sessions
And then reloads the Login page?
@Larry Brister
That's the idea, you can use window.location.replace instead to bump to another route.