I'm using .NET 4.5, and my site is logging users out after 10 minutes of inactivity, even though I have login time set to 45 minutes.
It's very frustrating for the users.
In web.config, for sessionState this is what i have:
<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="45">
and for authentication :
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" defaultUrl="~/" protection="All"/>
</authentication>
it's hosted on GoDaddy whose support is useless, but it means I can't control the app pool recycling but I don't think that's the issue.
I just can't get to the bottom of it.
Can anyone help?
Related
I have created one web application and when i run application in normal browser windows it works perfectly. But when i open same application in iFrame tag my cookies get vanished automatically.
When I Inspect browser window i can see the cookies and session but it won't work.
enter image description here
This is probably because you have not set the domain on the web.config
Some times you call the iframe with out the www. on your domain, and this is set a different cookie than when you have the www.
so on web.config set the domain where its needed, eg:
<authentication mode="Forms">
<forms domain="local.com" />
</authentication>
<httpCookies domain="local.com" />
I have added below config in web.config file
<sessionState mode="InProc" timeout="500" cookieSameSite="None"/>
<httpCookies httpOnlyCookies="true" requireSSL="true" domain="local.com"/>
<authentication mode="Forms">
<forms loginUrl="~/Auth" timeout="500" slidingExpiration="true" domain="local.com"/>
</authentication>
But still cookies not set. Could you please assist?
I am using an MVC application and I have set the session timeout to 100 minutes.
The problem is that the session timeout occurs even though I am using the system. Is it possible to prevent a session timeout when the system is in use.
I'm using this code to set the session timeout:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<sessionState timeout="100">
</sessionState>
Please correct me if I am using the wrong method, thank you.
someone made a site in .net which am taking over.
when someone is logged in, it logs you out automatically after a short while.
in the web.config theres this code which am assuming controls the time:
<httpRuntime
executionTimeout="12000"
maxRequestLength="307200"
useFullyQualifiedRedirectUrl="false"
minFreeThreads="8"
minLocalRequestFreeThreads="4"
appRequestQueueLimit="100"
enableVersionHeader="true"
requestValidationMode="2.0"
/>
now what does the "12000" number mean
can i change the length of time in this code
and whats the diffrence between executionTimeout and maxRequestLength
thanks
If you're using Authentication Forms, look for system.web - authentication in web.config. There, you have a Timeout parameter.
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="60"/>
</authentication>
I don't think that is the property you are looking for what is more likely is that the session is timing out
Session timeout in ASP.NET
Should help you
my web app sign out every one minute, .aspxauth cookie set to (20 days) and asp.net_sessionid set to (session end), i want to make my site (remember me).
i am using the below code -but to no avail-:
<authentication mode="Forms">
<forms
loginUrl="~/Account/Login.aspx"
protection="All"
timeout="30160"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="false"
defaultUrl="~/Default.aspx"
cookieless="UseCookies"
enableCrossAppRedirects="false" />
</authentication>
How do I prevent my app from signing out so often?
Look like everything is in default setting, so use the following setting.
<forms loginUrl="~/Account/Login.aspx"" timeout="30160" />
In web.config, make sure sessionState either doesn't exist at all or is set to something.
<sessionState timeout="20"/>
If you modified the default form authentication, see this post -
Forms Authentication Timeout
I'm implementing "Remember Me" feature, I want the user to not have to enter login/password again.
It's seems to work in local, but in a shared hosting, It last for about 15 minutes then logout. Here is the code:
controller:
FormsAuthentication.SetAuthCookie("username", true);
Web.config:
<authentication mode="Forms" >
<forms loginUrl="~/Account/LogOn" timeout="262974" cookieless="UseCookies" />
</authentication>
<sessionState mode="InProc" timeout="262974" cookieless="UseCookies" />
EDIT
I've added the sessionState, but still the same problem, working on local and not on the server?
what am I missing?
Look into the sessionstate element in your web.config. For example:
<sessionState mode="InProc" timeout="60" />
Check out the following SO question for differences between the sessionstate element and the forms element in your web.config:
Differences in forms auth timeout and session timeout
The accepted answer by #womp states the following:
A session starts every time a new user hits the website, regardless of
whether or not they are anonymous. Authentication has very little to
do with Session.
Authentication timeout is the amount of time that the authentication
cookie is good for on the user's browser. Once the cookie expires,
they must re-authenticate to access protected resources on the site.
So, if Session times out before the Authentication cookie - they are
still authenticated, but all their session variables disappear, and
may cause errors in your website if you are not disciplined in
checking for nulls and other conditions brought about by missing
session.
If Authentication times out before the session, then all their session
variables will still exist, but they won't be able to access protected
resources until they log back in again.
I finally found the solution, I had to use StateServer instead of InProc and also a machine key, Here is the full solution:
Controller:
FormsAuthentication.SetAuthCookie("username", true);
Web.config:
<authentication mode="Forms" >
<forms loginUrl="~/Account/LogOn" timeout="262974" cookieless="UseCookies" />
</authentication>
<sessionState mode="StateServer" timeout="262974" cookieless="UseCookies" />
<machineKey validationKey="5BAE63F50C69C1BBB7BFC2E696674389C307E28E9DEB60FB273B85CAD8FC3C2261FB13DF92B90A99C6EB684FDB1F6E3E92E1A42083EB77B5918126DD52245FB5" decryptionKey="11F6FE0C790413FFF3E230387168016B212216DEF727C4157CDDD0558BEAE5B7" validation="SHA1" decryption="AES" />
I have a shared hosting with Arvixe and it's in their Support where I found the solution: support.arvixe.com
Go to : ASP.NET Settings and scroll to Session settings change "value" none to "Forms" It will be done!