ASP.NET MVC Session Expiring

Question

I have a requirement to ensure the session expires only after 8 hours. However, users continually say they are getting kicked out multiple times throughout the day

Here are the settings I have:

web.config:

forms name=".MYUNIQUFORMSAUTH" loginUrl="/Login" enableCrossAppRedirects="true" requireSSL="false" timeout="480"
IIS 7 - application pool - Idle Timeout set to 480
ASP --> Session Properties --> 8:00:00

Am I missing something?

Are you sure the apppool is not being recycled or iis restarted? — rocky
This is deployed on a client server but I know IIS would not be getting restarted in business hours. Would the apppool recycle be a manual process? I doubt they would be recycling. — user327999

rocky rocky · Accepted Answer · 2014-11-18T17:49:03

You are setting incorrect attribute in your web.config.

Instead of setting:

<forms timeout="480" ... />

Specifies the time, in integer minutes, after which the cookie expires.

you should set:

<sessionState timeout="480" ... />

Specifies the number of minutes a session can be idle before it is abandoned.

ASP.NET MVC Session Expiring

1 Answers