ASP.NET mvc auth or session expires quicker than set

Question

In my ASP.NET MVC5 website the login and session timeout in web.config are as follows:

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/Account/Login" slidingExpiration="true" timeout="60"/>
  </authentication>
  <sessionState mode="InProc" timeout="60"/>      
</system.web>

Still the session or authentication times our in five minutes. I have approached my web hosting provide to increase the timeout in IIS and they shared a screenshot after increasing the timeout in IIS, but nothing changed. Any idea why this is happening.

Tetsuya Yamamoto Tetsuya Yamamoto · Accepted Answer · 2016-10-05T08:10:42

First of all, try setting session timeout on Session_Start method inside Global.asax:

void Session_Start(object sender, EventArgs e)
{
    Session.Timeout = 60;
}

Note: By using in-process session state, your sessions will wiped out every IIS application pool recycles, which in your issue app pool recycled after 5 minutes.

If above attempt doesn't work and you have access to server's IIS management, do these steps:

Open IIS Manager.
Select Application Pools => [your app pool name] => Recycling/Advanced Settings.
Enable Regular time interval (minutes) and set it to 60, then apply your changes.

If you don't have access on both IIS Manager & SQL Server configurations, you might want to try DB-based session state management instead of InProc mode (see MSDN reference below).

DB-based session state requires changing mode attribute to SQLServer, e.g.:

<system.web>
    <sessionState mode="SQLServer" sqlConnectionString="Integrated Security=SSPI;Data Source=SERVERNAME;Initial Catalog=DATABASE" />
</system.web>

Reference:

MSDN: https://msdn.microsoft.com/en-us/library/ms178586.aspx

Session expires too quickly in asp.net mvc4 application

ASP.NET mvc auth or session expires quicker than set

2 Answers