Larry Brister
asked on
IIS and ASP.Net Web Site Session Timeout
I have an ASP.NET Website...vb code.
Uses a Bootstrap.Master Page
The web config has
<sessionState mode="InProc" timeout="15" />
The IIS SessionState screen looks like the shot below...
And yet the user is never booted off at the 15 minute point
What else can I add?
Uses a Bootstrap.Master Page
The web config has
<sessionState mode="InProc" timeout="15" />
The IIS SessionState screen looks like the shot below...
And yet the user is never booted off at the 15 minute point
What else can I add?
ASKER
Bembi
If the user is on his computer
Has the web site open to any page
Walks away for 16 minutes
The site should end the session
And when they click... it redirects to Login.aspx
If the user is on his computer
Has the web site open to any page
Walks away for 16 minutes
The site should end the session
And when they click... it redirects to Login.aspx
There is an older question addrfessing the same question with some links inside:
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
timeout="15"
protection="none"
cookieless="false" />
</authentication>
</system.web>
https://www.experts-exchange.com/questions/27041535/How-to-force-user-to-re-login-after-my-session-variable-expires-in-ASP-Net.html
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
timeout="15"
protection="none"
cookieless="false" />
</authentication>
</system.web>
ASKER
Hey Bembi
I have this already... <forms name="admin" loginUrl="login.aspx" protection="All" path="/" timeout="15"/>
What is the difference on the protection = none?
I have this already... <forms name="admin" loginUrl="login.aspx" protection="All" path="/" timeout="15"/>
What is the difference on the protection = none?
protection is the encryption of the cookie.
Default = all
Should not make a difference...(I mean according to the question)
What happens after the login, do you serve aspx files or html?
If you serve html, you may change the associating extensions (i.e htm, html) to aspnet_isapi.dll
Default = all
Should not make a difference...(I mean according to the question)
What happens after the login, do you serve aspx files or html?
If you serve html, you may change the associating extensions (i.e htm, html) to aspnet_isapi.dll
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Bembi
It is a CRM System each aspx page using vb code behind to data from MS SQL Server
It is a CRM System each aspx page using vb code behind to data from MS SQL Server
ASKER
Dustin Saunders
Seems to me with your code
I could place that in the BootStrap.Master Page
And on time limit
Redirect to a page...
That kills the sessions
And then reloads the Login page?
Seems to me with your code
I could place that in the BootStrap.Master Page
And on time limit
Redirect to a page...
That kills the sessions
And then reloads the Login page?
@Larry Brister
That's the idea, you can use window.location.replace instead to bump to another route.
That's the idea, you can use window.location.replace instead to bump to another route.
But if the users continues to click, a new session is created.
What is your intention to do? What should happen?