ASP.NET 2.0 Session Timeout

2
votes

Already someone has raised this question in this forum regarding session timeout. Would appreciate if someone can clarify this again.

I have an asp.net 2.0 application which times out after say 15-20 minutes if user didnt do any activity and presses a button on the page(he is redirected to sessionExpired.aspx page). I have set the session timeout to 60 minutes in my web.config file but still somehow the user is timed out.

I have another question related to this regarding the Session Timeout Precedence. Does IIS session timeout take priority over ASP.NET session timeout. Say if IIS session timeout is set to 20 minutes and ASP.NET session timeout is 60 minutes, does ASP.NET override IIS session timeout.

1
asp.net

1 Answers

3
votes

IIS takes precedence, but they deal with slightly different scenarios.

In the case of IIS, the default 20 minutes time-out for the application pool is referring to incoming requests. If your application doesn't receive any requests at all for 20 minutes then the application pool is put to sleep to save resources. When this happens all the sessions in your application are gone.

The ASP.NET session time-out deals with per-session requests. Your site could be quite busy, but if one user (i.e. session) is not active for 20 minutes only that session is discarded.

So yes, to make sure the session stays alive for 60 minutes you have to change the time-out settings for the IIS application pool as well as web.config.

Another way of approaching this problem is to periodically send a small AJAX "ping" (i.e. a page request with a random ID to prevent browser caching) back to the server. This way, as long as the user doesn't close the browser, the session will be preserved.