How can I remove any particular session 5mins after it's creation. I found this code to define session time out but it removes all sessions. I have many sessions which gets create browsing throughout the website. How can I remove one single session.
<system.web>
<compilation debug="true"/>
<authentication mode="Forms"/>
<sessionState mode="InProc" cookieless="false" timeout="1">
</sessionState>
</system.web>
You can use Session.Remove() method;Session.Remove
Session.Remove("yourSessionName");
Include this in you web.config file:
using web.config
<sessionState timeout="minutes"/>
Using IIS
Change the following time-outs in Internet Services Manager .Choose a value greater than the default of 20.
Select Default Web Site > Properties > Home Directory > Application
Settings > Configuration > Options.
Enable the session state time-out and set the Session timeout for 60 minutes.
Select Application Pools > DefaultAppPool > Properties.
From the Performance tab under Idle timeout, set Shutdown worker
processes after being idle for a value higher than 20.
The default session time-out setting on IIS is 5 minutes but it can be increased to a maximum of 24 hours or 1440 minutes.
i am really facing a problem with asp.net web application. i am using sessions and it seems to be fine on my local machine and IIS server.
but on my live server sessions are expiring randomly(5min max up to 30min). i have tried almost all the possibilities but i never win.
please advise me how can i fix my problem.
Did you try from webconfig..
<configuration>
<system.web>
<sessionState timeout="20"></sessionState>
</system.web>
</configuration>
Try to implement log in global.asax on session_end event and set session mode to InProc
void Session_End(object sender, EventArgs e)
{
// Code that runs when a session ends.
// Note: The Session_End event is raised only when the sessionstate mode
// is set to InProc in the Web.config file. If session mode is set to StateServer
// or SQLServer, the event is not raised.
}
<configuration>
<system.web>
<sessionState mode="InProc" timeout="20"></sessionState>
</system.web>
</configuration>
so that you can find out the cause which is expiring the session.
I have also been looking into the same thing and found a similar post that says your app memory may have been recycled due to lack of memory.
random IIS session timeout
I have an Asp.net Mvc application with razor views engine , in which i used a variable Session['user'] : when an user log on the application Session['user'] = login and in the logout this variable takes as value Null.
The problem is that there is a short timeout and the session variable expires : if i do nothing in one minute after log on the application Session['user'] =null automatically.
So how can i set the timeout of the session's variable unlimited until it is changed by program?Any suggestions?
So how can i set the timeout of the session's variable unlimited until it is changed by program?Any suggestions?
You can't set timeout value to unlimited.
You can increase the time out value in minutes using the timeout attribute of sessionState element in web.config.
SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
(120 = minutes)
<sessionState mode="StateServer" cookieless="false" timeout="120"/>
Check out this Session-Time out
You cannot assign it to unlimited. You can increase the value in minutes using the time out attribute of Session state element in web.config
<sessionState timeout="30">
</sessionState>
By default session timeout value is 20 minutes. Also in your case if you are using forms authentication, check the authentication time out value as well
<authentication mode="Forms">
<forms loginUrl="logon.aspx"
protection="All" path="/" timeout="30" />
</authentication>
It's timeout of the session, not the variable. Set it in configuration in minutes
<sessionState timeout="30" />
It is not possible to set the session time out to unlimited.
Instead set the session time out to a high value.
Example:
<configuration>
<system.web>
<sessionState mode="InProc" timeout="350" />
</system.web>
</configuration>
I had a similar problem earlier and it was not about the Session Timeout value. Hence, Sometimes its now about the Timeout period. This Session Timeout may be set to 20 mins or more but if the hosting server or your computer is VERY LOW on MEMORY. The Session values are then cleared and the user will have to sometimes login again.
This low memory is sometimes caused by STORING IMAGES or BINARY VALUES in the Database instead of storing as Files on the Server and access them using System.IO.File procedure. So when you attempt to fetch some records, their IMAGES DATA on the TABLE will also be fetched, resulting in a SIGNIFICANT reduction in performance and also OVER-CONSUMPTION of available MEMORY.
IT MAY BE THAT YOUR COMPUTER OR HOSTING IS VERY LOW ON MEMORY (Not Storage Space)
Hope this helps.
I have read some issues related to session time out and i have changed the settings but no avail.
This is entry of session in web.config. i want to expire the session after 5 hours.
<sessionState mode="InProc" timeout="300" />
On Login page i am adding user name in session
Session.Add("Authenticated", UserName);
and my each page is inherited with BasePage and in base class i have this check for each page.
if (Session["Authenticated"] == null)
{
Response.Redirect("../userlogin.aspx");
}
but session expires before one hour.
I want to confirm that during this there is no change in web.config, Bin folder files etc.
Take a look at this ASP.NET Session Timeouts.
Besides IIS Idle timeout there is Forms authentication timeout, which is 30 min by default. So you will be redirected to the login page before the session actually expired.
<system.web>
<authentication mode="Forms">
<forms timeout="300"/>
</authentication>
<sessionState timeout="300" />
</system.web>
If you are hosting it on IIS6 (Win2K3) then go to the settings in the Application Pool in which your application runs. You need to set it there as well.
I am running an ASP.NET 2.0 application in IIS 6.0. I want session timeout to be 60 minutes rather than the default 20 minutes. I have done the following
Set <sessionState timeout="60"></sessionState>
in web.config.
Set session timeout to 60 minutes in IIS manager/Web site properties/ASP.NET configuration settings.
Set idle timeout to 60 minutes in application pool properties/performance.
I am still getting a session timeout at 20 minutes. Is there anything else I need to do?
Are you using Forms authentication?
Forms authentication uses it own value for timeout (30 min. by default). A forms authentication timeout will send the user to the login page with the session still active. This may look like the behavior your app gives when session times out making it easy to confuse one with the other.
<system.web>
<authentication mode="Forms">
<forms timeout="50"/>
</authentication>
<sessionState timeout="60" />
</system.web>
Setting the forms timeout to something less than the session timeout can give the user a window in which to log back in without losing any session data.
I don't know about web.config or IIS.
But I believe that from C# code you can do it like
Session.Timeout = 60; // 60 is number of minutes
Use the following code block in your web.config file.
Here default session time out is 80 mins.
<system.web>
<sessionState mode="InProc" cookieless="false" timeout="80" />
</system.web>
Use the following link for Session Timeout with popup alert message.
Session Timeout Example
FYI:The above examples is done with devexpress popup control so you need to customize/replace devexpress popup control with normal popup control. If your using devexpress no need to customize
In my situation, it was Application Pool. It is set to restart when idle for xx mins. When I set it to not restart, it seems to use value from Web Config.
Do you have anything in machine.config that might be taking effect? Setting the session timeout in web.config should override any settings in IIS or machine.config, however, if you have a web.config file somewhere in a subfolder in your application, that setting will override the one in the root of your application.
Also, if I remember correctly, the timeout in IIS only affects .asp pages, not .aspx. Are you sure your session code in web.config is correct? It should look something like:
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
stateNetworkTimeout="60"
sqlConnectionString="data source=127.0.0.1;Integrated Security=SSPI"
cookieless="false"
timeout="60"
/>
That is usually all that you need to do...
Are you sure that after 20 minutes, the reason that the session is being lost is from being idle though...
There are many reasons as to why the session might be cleared. You can enable event logging for IIS and can then use the event viewer to see reasons why the session was cleared...you might find that it is for other reasons perhaps?
You can also read the documentation for event messages and the associated table of events.
https://usefulaspandcsharp.wordpress.com/tag/session-timeout/
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" timeout="60" slidingExpiration="true" />
</authentication>
<sessionState mode="InProc" timeout="60" />
If you are using Authentication, I recommend adding the following in web.config file.
In my case, users are redirected to the login page upon timing out:
<authentication mode="Forms">
<forms defaultUrl="Login.aspx" timeout="120"/>
</authentication>
Since ASP.Net core 1.0 (vNext or whatever name is used for it) sessions are implemented differently.
I changed the session timeout value in Startup.cs, void ConfigureServices using:
services.AddSession(options => options.IdleTimeout = TimeSpan.FromSeconds(42));
Or if you want to use the appsettings.json file, you can do something like:
// Appsettings.json
"SessionOptions": {
"IdleTimeout": "00:30:00"
}
// Startup.cs
services.AddSession(options => options.IdleTimeout = TimeSpan.Parse(Config.GetSection("SessionOptions")["IdleTimeout"]));
You can find the setting here in IIS:
It can be found at the server level, web site level, or app level under "ASP".
I think you can set it at the web.config level here. Please confirm this for yourself.
<configuration>
<system.web>
<!-- Session Timeout in Minutes (Also in Global.asax) -->
<sessionState timeout="1440"/>
</system.web>
</configuration>
The default session timeout is defined into IIS to 20 minutes
Follow the procedures below for each site hosted on the IIS 8.5 web
Open the IIS 8.5 Manager.
Click the site name.
Select "Configuration Editor" under the "Management" section.
From the "Section:" drop-down list at the top of the configuration
editor, locate "system.web/sessionState".
Set the "timeout" to "00:20:00 or less”, using the lowest value
possible depending upon the application. Acceptable values are 5
minutes for high-value applications, 10 minutes for medium-value
applications, and 20 minutes for low-value applications.
In the "Actions" pane, click "Apply".
IIS sessions timeout value is for classic .asp applications only, this is controlled on IIS configuration.
In your case For ASP.NET apps, only the web.config-specified timeout value applies.
if you are want session timeout for website than remove
<authentication mode="Forms">
<forms timeout="50"/>
</authentication>
tag from web.config file.
The Timeout property specifies the time-out period assigned to the Session object for the application, in minutes. If the user does not refresh or request a page within the time-out period, the session ends.
IIS 6.0: The minimum allowed value is 1 minute and the maximum is
1440 minutes.
Session.Timeout = 600;
After changing the session timeout value in IIS, Kindly restart the IIS.
To achieve this go to command prompt. Type IISRESET and press enter.