Home > Archive > ASP .NET > January 2005 > Session timeout not working
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Session timeout not working
|
|
|
| I tried to set session timeout =1 minute as seen below in my Web.config but
it didn't work. I also tried to set the timeout in IIS as well and still the
application doesn't time out after 1 minute. Please show me how to set the
timeout setting. Thanks.
<sessionState
mode="StateServer"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="1"
/>
| |
| Alvin Bruney [MVP] 2005-01-29, 8:57 pm |
| how do you know the session didn't time out? what tests are you running to
show that it didn't time out? If you put a break point in the session
timeout event, does it hold?
--
Regards,
Alvin Bruney
[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @ www.lulu.com/owc
----------------------------------------------------------
"hn" <hn@discussions.microsoft.com> wrote in message
news:CE5F907B-EA95-4B69-83F2-1E0A19CB8CE2@microsoft.com...
>I tried to set session timeout =1 minute as seen below in my Web.config but
> it didn't work. I also tried to set the timeout in IIS as well and still
> the
> application doesn't time out after 1 minute. Please show me how to set the
> timeout setting. Thanks.
>
> <sessionState
> mode="StateServer"
> stateConnectionString="tcpip=127.0.0.1:42424"
> sqlConnectionString="data
> source=127.0.0.1;Trusted_Connection=yes"
> cookieless="false"
> timeout="1"
> />
| |
|
| On my asp.net pages I use session for authentication. If session ends, the
user should be logged out and redirected to some other page. Currently the
user is only logged out after 20 minutes or so. when I set timeout=1, the
user is still able to navigate the authenticated pages after 1 minute of
being inactive.
"Alvin Bruney [MVP]" wrote:
> how do you know the session didn't time out? what tests are you running to
> show that it didn't time out? If you put a break point in the session
> timeout event, does it hold?
>
> --
> Regards,
> Alvin Bruney
>
> [Shameless Author plug]
> The Microsoft Office Web Components Black Book with .NET
> Now Available @ www.lulu.com/owc
> ----------------------------------------------------------
>
>
> "hn" <hn@discussions.microsoft.com> wrote in message
> news:CE5F907B-EA95-4B69-83F2-1E0A19CB8CE2@microsoft.com...
>
>
>
| |
| Alvin Bruney [MVP] 2005-01-31, 8:59 pm |
| You have a logic error. In each page load, you need to check session to find
out if the user is still authenticated.
Consider:
if(Session["LOGIN"] == null)
redirect to login page
In your case, when the timeout occurs and you redirect, you are using a new
session. But since you don't check if it is a new session, it appears that
the user is using the old session. Makes sense?
--
Regards,
Alvin Bruney [MVP ASP.NET]
[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @ http://tinyurl.com/27cok
----------------------------------------------------------
"hn" <hn@discussions.microsoft.com> wrote in message
news:B744E9BF-1647-463E-9AFD-84267A958A0A@microsoft.com...[color=darkred]
> On my asp.net pages I use session for authentication. If session ends, the
> user should be logged out and redirected to some other page. Currently the
> user is only logged out after 20 minutes or so. when I set timeout=1, the
> user is still able to navigate the authenticated pages after 1 minute of
> being inactive.
>
> "Alvin Bruney [MVP]" wrote:
>
|
|
|
|
|