  • Category: ASP.NET

    Session Timeout Problem

    Hi guys,

    The session in my application often expires.

    I've tried setting the session timeout both
    in the page directive of the page
    as well as
    in the Global.asax file

    It works for some time, and sometimes it expires very soon.

    Can anyone help me solve this problem?

    With Thanks and Regards,
    Sashi.
  • #24
    Hi

    Have you set any time limit in the web.config file? If not, then set it like this:
    <sessionState
    mode="InProc"
    stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
    cookieless="false"
    timeout="20"
    />

    These are the lines that will be created for you by default, so there is no need to set it at page level or in the Global.asax pages. Here the timeout "20" is in minutes; if you want, you can change it to your requirement.

    If you still get problems please feel free to ask me again...
    Thanking you..
    siva..

  • #4125
    Hi Shiva,
    Even though I set the web.config timeout to 90 min, while I navigate the links in my application, within 10 or 20 min I am thrown to the logout page.
    Can you give me a solution? Is there any other reason for session timeout other than setting TimeOut in Web.Config? (It's an urgent scenario for my application to solve.)

    Regards
    Sreekanth

  • #5003
    Hi Sashi,

    I think you are setting session timeout at other places too. Remove page level setting or global.asax for session timeout. Just keep it in Web.config. This setting is being overridden some place.

    Dharmesh

  • #22699
    Hi
    If you have an antivirus then stop it and try again,
    because the antivirus updates the last-modified-time attribute of the checked files,
    so that when the antivirus checks the web.config it will update the last modified time
    and then the application will restart.

  • #28519
    Hi
    I have tried as you specified in web.config but I still have a problem with session expiration. It expires even while I am continuously using the application. The session may expire if I don't use the application for some time, but I am using it continuously without leaving it idle for even 5 mins, and it still expires. I need your help, very urgent. I am sending my web.config code also below,

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
    <appSettings>
    <add key="dataconn1" value="User ID=sa;Password=saadmin;database=RevolutionDB_Devs;server=chen-dktp-050\Explore"/>
    <add key="SSO" value="1"></add>
    </appSettings>

    <system.web>

    <identity impersonate="true"/>
    <!--
    DYNAMIC DEBUG COMPILATION
    Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to
    false will improve runtime performance of this application.
    Set compilation debug="true" to insert debugging symbols (.pdb information)
    into the compiled page. Because this creates a larger file that executes
    more slowly, you should set this value to true only when debugging and to
    false at all other times. For more information, refer to the documentation about
    debugging ASP.NET files.
    -->
    <compilation
    defaultLanguage="c#"
    debug="true"
    />

    <!-- CUSTOM ERROR MESSAGES
    Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
    Add <error> tags for each of the errors you want to handle.

    "On" Always display custom (friendly) messages.
    "Off" Always display detailed ASP.NET error information.
    "RemoteOnly" Display custom (friendly) messages only to users not running
    on the local Web server. This setting is recommended for security purposes, so
    that you do not display application detail information to remote clients.
    -->
    <customErrors
    mode="Off"
    />

    <!-- AUTHENTICATION
    This section sets the authentication policies of the application. Possible modes are "Windows",
    "Forms", "Passport" and "None"

    "None" No authentication is performed.
    "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
    its settings for the application. Anonymous access must be disabled in IIS.
    "Forms" You provide a custom form (Web page) for users to enter their credentials, and then
    you authenticate them in your application. A user credential token is stored in a cookie.
    "Passport" Authentication is performed via a centralized authentication service provided
    by Microsoft that offers a single logon and core profile services for member sites.
    -->
    <authentication
    mode="Forms" >
    <forms name="Default" loginUrl="Default.aspx" protection="All" timeout="60" path="/" />
    </authentication>

    <authorization>
    <deny
    users="?" />
    </authorization>


    <!-- APPLICATION-LEVEL TRACE LOGGING
    Application-level tracing enables trace log output for every page within an application.
    Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
    trace information will be displayed at the bottom of each page. Otherwise, you can view the
    application trace log by browsing the "trace.axd" page from your web application
    root.
    -->
    <trace
    enabled="false"
    requestLimit="10"
    pageOutput="false"
    traceMode="SortByTime"
    localOnly="true"
    />

    <!-- SESSION STATE SETTINGS
    By default ASP.NET uses cookies to identify which requests belong to a particular session.
    If cookies are not available, a session can be tracked by adding a session identifier to the URL.
    To disable cookies, set sessionState cookieless="true".
    -->
    <sessionState
    mode="InProc"
    stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
    cookieless="false"
    timeout="60"
    />

    <!-- GLOBALIZATION
    This section sets the globalization settings of the application.
    -->
    <globalization
    requestEncoding="utf-8"
    responseEncoding="utf-8"
    />
    <httpRuntime
    executionTimeout="90"
    maxRequestLength="102400"
    useFullyQualifiedRedirectUrl="false"
    minFreeThreads="8"
    minLocalRequestFreeThreads="4"
    appRequestQueueLimit="100"
    />

    </system.web>

    </configuration>

  • #31228
    Hello Dear,

    I was working on such an application and I had the same problem.
    When I was logged in I created a session that holds user information, such as username, password, and other user data for security issues. I think the problem that I began looking for is the limitation of the session, so I think you should take care of your data size limitation, and whether the session could hold it all.

    regards,

  • #35511
    One possible explanation is that you are using .Net Server 2003 and your IIS Application Pool is configured to recycle the worker process after 10 minutes. When the asp worker process is recycled, the session state is dropped and the user is forced to log in again.

  • #35553
    Hi all,
    Well, we solved the problem. We were hosting our web application on web garden architecture server machines (multi-server machines); at that time our session mode was InProcess, so no unexpected logout happened on our local machines, but when we hosted it on the server, unexpected logouts appeared. So the web garden server machines seem to distribute our worker processes, so the session mode shall be StateServer mode.

    As I read, and for the reason that the worker process is distributed, you cannot use InProcess mode.
    Therefore, you should set the session mode to StateServer, and make sure that your Session object is Serialized and any other objects that it used shall not be serialized.

    Another thing: make sure that you don't leak connections, by disposing each connection opened, since any exception that appears while using a connection will not close it and it will stay open; so always try to dispose connections, even if you close them.

    hope it helps.

  • #35781
    Under ASP.NET, the timeout error message reads as follows:
    Exception Details: System.Web.HttpException: Request timed out.

    In .NET, there is an additional setting for this. The default script timeout is set to 90 seconds by the httpRuntime section of the machine.config file. You can change this setting to affect all applications on your site, or you can override the settings in your application-specific web.config as follows:

    <system.web>
    <httpRuntime executionTimeout="900" />
    </system.web>

    The .NET config files are usually stored in the folder C:\Windows\Microsoft.NET\Framework\[version]\Config where [version] is the version of the .NET Framework such as v1.1.4322. You may need to restart IIS for such changes to take effect.

  • #46714
    My app is not in a server farm and I'm still having problems... Does anyone have new information on this topic? I like the suggestion about increasing the executionTimeout, but is this all we know? I really had no problem but the users run across this all the time.

  • #49231
    Hi
    You have to set the session timeout in the default website also. Do the following: go to IIS Manager, right-click on the virtual directory and choose Properties. Now go to the Virtual Directory tab and click the Configuration button. A dialog box will appear; choose the AppOptions tab. Set the session timeout that you need. This will solve the problem. If you are again getting the same problem then set the same thing for Default WebSite also.

    Sreetharan S.T

  • #59858
    Dave,

    I assume you're using cookie-less sessions like me . . . now just a warning, I still have session ending problems, but not even a 1/4 as much. Redirects, page and application errors, the debugger running, and runtime configurations were all found to cause the session end function.

    1.) I first noticed sessions ending during the redirect operation. Next most important was code executing after the redirect. I found that when I use redirect, any code following the redirect statement will execute and may cause errors.

    2.) Any page or application errors may cause a session end. I set up an email message in the page catch statement and at application level to track down bad coding on my part.

    3.) Configuration of HttpRuntime helped too; I found certain threading issues. This is my current webconfig statement: <httpRuntime minFreeThreads="12" minLocalRequestFreeThreads="12" executionTimeout="250"/>

    4.) If in production, turn off debug; your application will run harder if it is turned on.
    <compilation defaultLanguage="vb" debug="false" />

    I'm certainly not the smartest human on earth but all these topics helped me run sessions better. I have also noticed when an application starts the first session will crash after a couple requests just about every time; sounds crazy right. I have been told smart developers use cookies and view state. I see both a step in the wrong direction so I'm working on the session method.

    Brian Lee
    www.kudoskido.com

  • #133563
    Hi all,
    My problem is that the session is working fine on one machine and it is not working on the other machine. I have a local copy of an application installed on two machines. The configuration of both machines is identical and the same code with no modification has been deployed on both machines. This is a .Net 1.1 application deployed on IIS 5.1. The session is defined in IIS and also in the web.config [mode="InProc"] as it is a small application with minimum users.

    I have seen the Application log in the event viewer; there is no log of aspnet_wp.exe being refreshed or recycled.

    On the other hand, I have made a POC and tried it on the same machine, where the session does not expire. I have never faced such a situation. Help needed!!

  • #133564
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
    <appSettings>
    <add key="ConnStr" value="Data Source=ashishcomp;Initial Catalog=prosys;User ID=sa;Password=sa;Max Pool Size=75000;"/>
    <!--<add key="ServerIPAddress" value=""/> IP Address of mail server 65.214.165.5 -->
    <add key="ServerIPAddress" value="127.0.0.1"/> <!-- IP Address of mail server -->
    <add key ="MailFrom" value= "mrv@mrvmarketing.com"/>
    <add key="MailSubject" value = "MRV Notice: Pricing Update"/>

    </appSettings>
    <system.web>

    <!-- DYNAMIC DEBUG COMPILATION
    Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to
    false will improve runtime performance of this application.
    Set compilation debug="true" to insert debugging symbols (.pdb information)
    into the compiled page. Because this creates a larger file that executes
    more slowly, you should set this value to true only when debugging and to
    false at all other times. For more information, refer to the documentation about
    debugging ASP.NET files.
    -->
    <compilation
    defaultLanguage="c#"
    debug="true"
    />

    <!-- CUSTOM ERROR MESSAGES MMS2K3SRVR MMS-E56E0E6184A
    Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
    Add <error> tags for each of the errors you want to handle.

    "On" Always display custom (friendly) messages.
    "Off" Always display detailed ASP.NET error information.
    "RemoteOnly" Display custom (friendly) messages only to users not running
    on the local Web server. This setting is recommended for security purposes, so
    that you do not display application detail information to remote clients.
    -->
    <customErrors
    mode="Off"
    />

    <!-- AUTHENTICATION
    This section sets the authentication policies of the application. Possible modes are "Windows",
    "Forms", "Passport" and "None"

    "None" No authentication is performed.
    "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
    its settings for the application. Anonymous access must be disabled in IIS.
    "Forms" You provide a custom form (Web page) for users to enter their credentials, and then
    you authenticate them in your application. A user credential token is stored in a cookie.
    "Passport" Authentication is performed via a centralized authentication service provided
    by Microsoft that offers a single logon and core profile services for member sites.
    -->
    <!-- <authentication mode="Windows" /> -->

    <!-- AUTHORIZATION
    This section sets the authorization policies of the application. You can allow or deny access
    to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
    (unauthenticated) users.
    -->
    <authentication mode="Forms">

    <forms name="mrvppAuth01" loginUrl="login.aspx" protection="All" timeout="100">

    <credentials passwordFormat="SHA1">
    </credentials>

    </forms>

    </authentication>

    <authorization>
    <allow users="*" /> <!-- Allow all users -->
    <!-- <allow users="[comma separated list of users]"
    roles="[comma separated list of roles]"/>
    <deny users="[comma separated list of users]"
    roles="[comma separated list of roles]"/>
    -->
    </authorization>

    <!-- APPLICATION-LEVEL TRACE LOGGING
    Application-level tracing enables trace log output for every page within an application.
    Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
    trace information will be displayed at the bottom of each page. Otherwise, you can view the
    application trace log by browsing the "trace.axd" page from your web application
    root.
    -->
    <trace
    enabled="false"
    requestLimit="10"
    pageOutput="false"
    traceMode="SortByTime"
    localOnly="true"
    />

    <!-- SESSION STATE SETTINGS
    By default ASP.NET uses cookies to identify which requests belong to a particular session.
    If cookies are not available, a session can be tracked by adding a session identifier to the URL.
    To disable cookies, set sessionState cookieless="true".
    -->

    <sessionState
    mode="InProc"
    stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="Data Source=ashishcomp;User ID=sa;Password=sa"
    cookieless="false"
    timeout="20"
    />
    <!-- GLOBALIZATION
    This section sets the globalization settings of the application.
    -->
    <globalization
    requestEncoding="utf-8"
    responseEncoding="utf-8"
    />

    </system.web>

    </configuration>

  • #133635
    Hi all,
    After all, my problem is solved: I have used server.transfer() instead of response.redirect()... but I am still open to suggestions.

  • #134052
    Try using sessionstate mode=stateserver, because the worker process may recycle, and any session in InProc will be deleted from memory along with the recycle. The StateServer does not recycle with the worker process and will allow for longer session times.

  • #181287
    Hi, thanks for this topic.
    I worked hard for this problem.
    And at last, I tell the problem to my hosting support. Then, the problem solved.
    Here is their message....

    "We understand your request, It is IIS setting that reset ideal process after few mins if not used to refresh memory for IIS service.
    We could allow your domain name the maximum time before service restart and that will help to resolve your issue.

    Our admin has modified for you and it should work OK now."

  • #204420
    Ok. If changing the session timeout in IIS does not work, you have 2 other solutions.
    The first one is to remove the check of the session timeout in IIS; then the timeout will be read from the web.config.
    The second solution is to add the following code in the web.config file under <system.web>:
    <sessionState mode="InProc"
    cookieless="false"
    timeout="240"/>
    It works perfectly :)
    I have to write the answer somewhere because I lost 2 days of searching google and learning stuff I don't think I would use again :)

  • #235240
    Hi guys ,
    I also faced the same problem of the session timeout not working properly even after changing the web.config property.
    Later, when I debugged the code, I found out that in FormsAuthenticationTicket I was setting the cookie expiration timeout to something other than my session value in the web.config. I changed this value in my login form to solve the problem: <<<<<DateTime.Now.AddMinutes(60)>>>>> is the setting I changed as per the web.config setting.

    FormsAuthenticationTicket authTicket =
    new FormsAuthenticationTicket(1, // version
    txtUserName.Text,
    DateTime.Now,
    DateTime.Now.AddMinutes(60),
    false,@"\");

    Happy coding
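
Added example (not part of the original thread or any poster's code): a small Python audit that checks a web.config for the causes raised in the posts above, namely InProc session state, a forms-ticket timeout that differs from the session timeout, `debug="true"` and `customErrors mode="Off"`. Both sample configs are constructed, and the function name `audit_web_config` and the check ids are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the kind of settings quoted in the thread.
WEAK_CONFIG = """<configuration>
  <system.web>
    <compilation defaultLanguage="c#" debug="true" />
    <customErrors mode="Off" />
    <authentication mode="Forms">
      <forms name="Default" loginUrl="Default.aspx" protection="All" timeout="30" path="/" />
    </authentication>
    <sessionState mode="InProc" cookieless="false" timeout="90" />
  </system.web>
</configuration>"""

# Constructed counterpart with the same settings corrected.
FIXED_CONFIG = """<configuration>
  <system.web>
    <compilation defaultLanguage="c#" debug="false" />
    <customErrors mode="RemoteOnly" />
    <authentication mode="Forms">
      <forms name="Default" loginUrl="Default.aspx" protection="All" timeout="90" path="/" />
    </authentication>
    <sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424"
                  cookieless="false" timeout="90" />
  </system.web>
</configuration>"""


def _attr(element, name, default):
    """Attribute value, or the ASP.NET default when the element or attribute is absent."""
    return default if element is None else element.get(name, default)


def audit_web_config(xml_text):
    """Return a list of (check_id, message) findings for one web.config document."""
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return [("no-system-web", "no <system.web> section to audit")]
    findings = []

    session = web.find("sessionState")
    session_min = int(_attr(session, "timeout", "20"))  # ASP.NET default: 20 minutes
    if _attr(session, "mode", "InProc").lower() == "inproc":
        findings.append(("session-inproc",
                         "InProc session state is lost whenever the worker process "
                         "or application restarts, whatever the timeout says"))

    auth = web.find("authentication")
    if _attr(auth, "mode", "Windows").lower() == "forms":
        forms_min = int(_attr(auth.find("forms"), "timeout", "30"))  # default: 30 minutes
        if forms_min != session_min:
            findings.append(("timeout-mismatch",
                             f"forms ticket timeout ({forms_min} min) differs from "
                             f"session timeout ({session_min} min)"))

    if _attr(web.find("compilation"), "debug", "false").lower() == "true":
        findings.append(("debug-enabled",
                         "compilation debug=\"true\" should be false outside debugging"))

    if _attr(web.find("customErrors"), "mode", "RemoteOnly").lower() == "off":
        findings.append(("custom-errors-off",
                         "customErrors mode=\"Off\" shows detailed errors to remote clients"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, audit_web_config(text) or "no findings")
```

The audit only reads the file; a ticket expiry hard-coded in the login form, as in the post above, still has to be checked in code.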

  • #340832
    Session: It's nothing but a period of time shared between the web application and the user. Every user has an individual session. Items/Objects can be placed into the Session, which would only define these objects for that user. The Session contains key variables which help to identify the related values. This can be thought of as a hash table. Each user would represent a different key node in the hash identifying unique values. The Session variables will be cleared by the application, which can clear them, as well as through the timeout property in the web config file. Usually the timeout is 20 minutes by default.

    Session variables are stored on the server and can hold any type of data including references; they are similar to global variables in a Windows application and use HTTP cookies to store a key with which to locate the user's session variables.

    The collection of session variables is indexed by the name of the variable or by an integer index. Session variables are created by referring to the session variable by name. You do not have to declare a session variable or explicitly add it to the collection.

    Let's make it clear with the following example:

    Session["firstName"] = "Gaurav"; // User's first name
    Session["lastName"] = "Arora"; // User's last name

    // Clear the session variable
    Session["firstName"] = null;

    // Clear all Session variables
    Session.Abandon();

    Thanks & regards,
    Gaurav Kumar Arora
    Site Coordinator - DNS
    My blog - http://gaurav-arora.com

