I've an MVC3 website in which I've to redirect the users to the login page if the session timeout expires. After some research, I've got that I have to add to the web.config
<sessionState mode="InProc" cookieless="false" timeout="1"></sessionState>
to set the user session timeout. In this case, if the user is idle it will clear the user session data after 1 min. I've added this
<authentication mode="Forms">
<forms loginUrl="~/Default/Login" timeout="1"/>
</authentication>
to redirect the user to the login page in case of session times out. Actually, It works but I've some questions to understand exactly what is happening:
- What is the relation between these 2 tags? what is the dependency between them?
- Is it mandatory to put the timeout attribute = 1 for both tags?
- Is there a better approach that I can follow to accomplish what I need.
Thanks in advance.