25  6093 
David Thielen wrote:
I tried:
<sessionState timeout="1">
</sessionState>
bounced IIS, and after 1 minute still had a session.
???
The IIS only clears out old sessions once a minute, so the sessions will
live up to two minutes.
--
Göran Andersson
_____ http://www.guffa.com
Hi Dave,
As for ASP.NET SessionState, the timeout setting does be the "timeout"
attribute of the <sessionStateel ement:
#sessionState Element http://msdn2.microsoft.com/en-us/library/h6bb9cz9.aspx
As for the session timeout behavior, how did you found that the session
hasn't been timeout. When a old session has been timeout, a new one will be
started. Have you checked the sessionID to verify that a different
sessionID has been established?
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
=============== =============== =============== =====
Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscripti...t/default.aspx.
=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no rights.
re:
!Have you checked the sessionID to verify that a different
!sessionID has been established?
Steven,
There is an issue with SessionID, Internet Explorer and Firefox which consists in that,
if all instances of IE/Firefox aren't closed before attempting to create a new session,
the SessionID will be recycled ( the same SessionID will continue to be used ).
Easy repro :
1. Create a Session start time variable in global.asax:
Sub Session_OnStart ()
Session.Content s("SessionStart Time") = Now
End Sub
2. Create a test page, SessionID.aspx :
<%@ Page Language="VB" %>
<html>
<head>
</head>
<body>
<script language="VB" runat="server">
Sub Page_Load(Sende r As Object, E As EventArgs)
Response.Write( "Session ID : " & Session.Session ID)
Response.Write( "<br />")
Response.Write( " Session start time : " & Session("Sessio nStartTime"))
End Sub
</script>
</body>
</html>
3. Set the session timeout in web.config to 1 minute :
<sessionState mode="InProc" cookieless="fal se" timeout="1" />
Now, close all instances of Internet Explorer/Firefox, except one and :
1. Run SessionID.aspx and note the Session ID and the time.
2. After 1 minute and 1 second, refresh the page.
The SessionID will be the same, but the Session start time will be different.
( The SessionID was recycled, but there is a new Session start time, so there's a new session )
3. Now, close Internet Explorer/Firefox and run the same page.
The SessionID will change.
This behavior must be taken into consideration when testing because,
if all browser windows aren't closed, the SessionID will be the same
....even though a new session exists.
I haven't tested other browsers, but suspect that, since IE
and Firefox exhibit the same behavior, the same will happen.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
=============== =============== =====
"Steven Cheng[MSFT]" <st*****@online .microsoft.comw rote in message
news:wT******** ******@TK2MSFTN GHUB02.phx.gbl. ..
Hi Dave,
As for ASP.NET SessionState, the timeout setting does be the "timeout"
attribute of the <sessionStateel ement:
#sessionState Element
http://msdn2.microsoft.com/en-us/library/h6bb9cz9.aspx
As for the session timeout behavior, how did you found that the session
hasn't been timeout. When a old session has been timeout, a new one will be
started. Have you checked the sessionID to verify that a different
sessionID has been established?
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
=============== =============== =============== =====
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no rights.
re:
The IIS only clears out old sessions once a minute, so the sessions will live up to two minutes.
Have you tested that ? That is not true.
IIS has nothing to do with session length.
Session length is determined by ASP.NET.
And, invariably, if you set the timeout to 1 minute,
at one minute and 1 second after that time, a new session will start.
See my just-sent reply to Steven Cheng and test it yourself.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
=============== =============== =====
"Göran Andersson" <gu***@guffa.co mwrote in message news:up******** ******@TK2MSFTN GP02.phx.gbl...
David Thielen wrote:
>I tried:
<sessionStat e timeout="1">
</sessionState>
bounced IIS, and after 1 minute still had a session.
???
The IIS only clears out old sessions once a minute, so the sessions will live up to two minutes.
--
Göran Andersson
_____
http://www.guffa.com
David,
See my just-sent reply to Steven Cheng.
The SessionID is recycled if you don't close all browser instances.
i.e., even though you have the same SessionID, you'll have a new session.
Try the code I sent in my reply to Steven and test it yourself.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
=============== =============== =====
"David Thielen" <th*****@nospam .nospamwrote in message
news:DF******** *************** ***********@mic rosoft.com...
>I tried:
<sessionState timeout="1">
</sessionState>
bounced IIS, and after 1 minute still had a session.
???
--
thanks - dave
david_at_windwa rd_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm
Hi;
Ok, I changed the timeout to 3 (minutes), restarted IIS, logged in to my app
which we use the ASP.NET membership/role provider for, waited 5 minutes, then
went to a different page and it displayed that page - I was still logged in.
If I wait 21 minutes and go to a different page it makes me log in again.
Am I not understanding something on the session timeout?
--
thanks - dave
david_at_windwa rd_dot_net http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm
"Steven Cheng[MSFT]" wrote:
Hi Dave,
As for ASP.NET SessionState, the timeout setting does be the "timeout"
attribute of the <sessionStateel ement:
#sessionState Element
http://msdn2.microsoft.com/en-us/library/h6bb9cz9.aspx
As for the session timeout behavior, how did you found that the session
hasn't been timeout. When a old session has been timeout, a new one will be
started. Have you checked the sessionID to verify that a different
sessionID has been established?
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
=============== =============== =============== =====
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no rights.
re:
Ok, I changed the timeout to 3 (minutes), restarted IIS
You don't need to restart IIS.
Editing web.config will start a new application instance and session.
re:
!logged in to my app which we use the ASP.NET membership/role provider for,
!waited 5 minutes, then went to a different page and it displayed that page
!- I was still logged in.
!If I wait 21 minutes and go to a different page it makes me log in again.
If you want your application, which uses ASP.NET membership,
to not keep you logged in for 20 minutes, change the timeout for
the forms authentication cookie.
The session duration has no bearing on the duration
of the timeout period configured for forms authentication.
Look for the "timeout" element of the forms authentication section
<authenticati on mode="Forms">
<forms loginUrl="Login .aspx"
protection="All "
timeout="20"
etc...
/>
....and change *that* timeout to whatever you want to, in minutes.
You will see that the logged-in period changes to match the number of minutes you specify.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
=============== =============== =====
"David Thielen" <th*****@nospam .nospamwrote in message
news:3B******** *************** ***********@mic rosoft.com...
Hi;
Ok, I changed the timeout to 3 (minutes), restarted IIS, logged in to my app
which we use the ASP.NET membership/role provider for, waited 5 minutes, then
went to a different page and it displayed that page - I was still logged in.
If I wait 21 minutes and go to a different page it makes me log in again.
Am I not understanding something on the session timeout?
--
thanks - dave
david_at_windwa rd_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm
"Steven Cheng[MSFT]" wrote:
>Hi Dave,
As for ASP.NET SessionState, the timeout setting does be the "timeout"
attribute of the <sessionStateel ement:
#sessionStat e Element
http://msdn2.microsoft.com/en-us/library/h6bb9cz9.aspx
As for the session timeout behavior, how did you found that the session
hasn't been timeout. When a old session has been timeout, a new one will be
started. Have you checked the sessionID to verify that a different
sessionID has been established?
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
============== =============== =============== ======
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
============== =============== =============== ======
This posting is provided "AS IS" with no warranties, and confers no rights.
That fixed it. But how are the session and login seperable? It seems to me
that if I lose my session then I've lost what I am working on and so it
should log me out too.
--
thanks - dave
david_at_windwa rd_dot_net http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm
"Juan T. Llibre" wrote:
re:
Ok, I changed the timeout to 3 (minutes), restarted IIS
You don't need to restart IIS.
Editing web.config will start a new application instance and session.
re:
!logged in to my app which we use the ASP.NET membership/role provider for,
!waited 5 minutes, then went to a different page and it displayed that page
!- I was still logged in.
!If I wait 21 minutes and go to a different page it makes me log in again.
If you want your application, which uses ASP.NET membership,
to not keep you logged in for 20 minutes, change the timeout for
the forms authentication cookie.
The session duration has no bearing on the duration
of the timeout period configured for forms authentication.
Look for the "timeout" element of the forms authentication section
<authenticati on mode="Forms">
<forms loginUrl="Login .aspx"
protection="All "
timeout="20"
etc...
/>
....and change *that* timeout to whatever you want to, in minutes.
You will see that the logged-in period changes to match the number of minutes you specify.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
=============== =============== =====
"David Thielen" <th*****@nospam .nospamwrote in message
news:3B******** *************** ***********@mic rosoft.com...
Hi;
Ok, I changed the timeout to 3 (minutes), restarted IIS, logged in to my app
which we use the ASP.NET membership/role provider for, waited 5 minutes, then
went to a different page and it displayed that page - I was still logged in.
If I wait 21 minutes and go to a different page it makes me log in again.
Am I not understanding something on the session timeout?
--
thanks - dave
david_at_windwa rd_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm
"Steven Cheng[MSFT]" wrote:
Hi Dave,
As for ASP.NET SessionState, the timeout setting does be the "timeout"
attribute of the <sessionStateel ement:
#sessionState Element
http://msdn2.microsoft.com/en-us/library/h6bb9cz9.aspx
As for the session timeout behavior, how did you found that the session
hasn't been timeout. When a old session has been timeout, a new one will be
started. Have you checked the sessionID to verify that a different
sessionID has been established?
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
=============== =============== =============== =====
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no rights.
re:
That fixed it.
Yup...
re:
how are the session and login separable?
They are two different objects.
A session will last for as long a period as you set in <sessionstate.. .>
A period of time for your app to remember your login parameters is different.
That's set in the forms timeout property.
ASP.NET membership doesn't need for a session to be active
in order to remember whether your membership parameters are active.
One of those parameters is the time for the app
to remember whether you're logged in or not.
You can choose to base your app on the length of the session,
or on the time needed for your login to expire.
Depending on which of the two objects you choose to control how
your application behaves, the appropiate length will be implemented.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
=============== =============== =====
"David Thielen" <th*****@nospam .nospamwrote in message
news:FF******** *************** ***********@mic rosoft.com...
That fixed it. But how are the session and login seperable? It seems to me
that if I lose my session then I've lost what I am working on and so it
should log me out too.
--
thanks - dave
david_at_windwa rd_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm
"Juan T. Llibre" wrote:
>re:
Ok, I changed the timeout to 3 (minutes), restarted IIS
You don't need to restart IIS.
Editing web.config will start a new application instance and session.
re:
!logged in to my app which we use the ASP.NET membership/role provider for,
!waited 5 minutes, then went to a different page and it displayed that page
!- I was still logged in.
!If I wait 21 minutes and go to a different page it makes me log in again.
If you want your application, which uses ASP.NET membership,
to not keep you logged in for 20 minutes, change the timeout for
the forms authentication cookie.
The session duration has no bearing on the duration
of the timeout period configured for forms authentication.
Look for the "timeout" element of the forms authentication section
<authenticatio n mode="Forms">
<forms loginUrl="Login .aspx"
protection="All "
timeout="20"
etc...
/>
....and change *that* timeout to whatever you want to, in minutes.
You will see that the logged-in period changes to match the number of minutes you specify.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
============== =============== ======
"David Thielen" <th*****@nospam .nospamwrote in message
news:3B******* *************** ************@mi crosoft.com...
Hi;
Ok, I changed the timeout to 3 (minutes), restarted IIS, logged in to my app
which we use the ASP.NET membership/role provider for, waited 5 minutes, then
went to a different page and it displayed that page - I was still logged in.
If I wait 21 minutes and go to a different page it makes me log in again.
Am I not understanding something on the session timeout?
--
thanks - dave
david_at_windwa rd_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm
"Steven Cheng[MSFT]" wrote:
Hi Dave,
As for ASP.NET SessionState, the timeout setting does be the "timeout"
attribute of the <sessionStateel ement:
#sessionStat e Element
http://msdn2.microsoft.com/en-us/library/h6bb9cz9.aspx
As for the session timeout behavior, how did you found that the session
hasn't been timeout. When a old session has been timeout, a new one will be
started. Have you checked the sessionID to verify that a different
sessionID has been established?
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
============== =============== =============== ======
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
============== =============== =============== ======
This posting is provided "AS IS" with no warranties, and confers no rights.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Jon Booth |
last post by:
I want to write an apsx page that when loaded does not refresh
Session.Timeout.
It is going to be running in an iframe and refreshing every couple of
minutes.
example. User has 15 minutes left until session expires. iframe.aspx loads
and session still has 15 minutes left.
Is this possible?
I was trying to grab session.timeout at the begininning of the page (init)
|
by: Jim Heavey |
last post by:
I am wanting to find out a way to timeout my session
This issue is that the user retrieve data from a datatable and that data get stale over time, so after 20 minutes, I want to be able to tell the user that their session has timed out and they will need to refresh their data
I set the session time out in the web config file to 20 minutes, but this does not seems to have no effect. The user is still able to retrieve data and leave that data...
|
by: DavidS |
last post by:
First: There are several ways to confuse one regarding session timeout.
(1) web.config - <sessionState timeout="20">
(2) IIS Manager | Internet Information Services | ServerNode | Default Web Site |
Properties | Configuration | Options | Enable Session State
Session timeout 20
(3) within Global.asax.vb file - Session_Start subroutine can use
Session.Timeout=x minutes or
(4) within any web page, i.e., <web page>.aspx can use...
|
by: Samuel Stanojevic |
last post by:
- I'm using .NET Framework 1.1.
I just noticed that whenever I change the value of Session.Timeout (no
matter which aspx page this happens on), at the end of the request,
the 'Session_End' function gets called in my global.asax code. --More
specifically, it only happens when the page is setting the value of
the timeout to a value different than what it currently is.-- Yet,
the session remains alive, and any variables stored in the...
|
by: Nick |
last post by:
Hi
I am a little stuck. I have a web app which uses cookieless session
management. I would like to inform a user when their session has
ended but cannot work out how to implement. I thought of placing a
redirect into the Session_End method in the global file but this does
not work.
To my understanding a session will end when it has been idle for the
time specified in the web.config file. The user may still have the
| | |
by: UJ |
last post by:
I have a page where the user can upload a video file. As you can guess, this
may take a while. Is there a way I can change the session timeout for just
this one page? I would also want to change the forms authentication to be a
large value for that page also.
TIA - Jeff.
|
by: Annie |
last post by:
hi guys,
I was just wondering if we can override the session timeout for some of
the pages in a web application as defined in the web config?
let is say i have a group of pages A, b, c, d that are only related to
each other and I don't want their session to be expired in 20 min as
set in config file.
is session.timeout sometihng that can help?
|
by: Oliver Jentsch |
last post by:
My session is always 20 minutes.
I tried to change it in the Web.Config, but the session remains to 20
minutes.
My Web.Config ist
<sessionState mode="InProc"
cookieless="false"
timeout="80"
|
by: =?Utf-8?B?UGF1bG8gRmxvcsOqbmNpbw==?= |
last post by:
Hello,
I have a web application in aspx and vb.net 2003. The users are complaining
about session timeout (10 - 60 minutes). My web config file is set up as:
- <authentication mode="Forms">
<forms
name="ACMS"
loginUrl="frmLogin.aspx"
path="/ACMS"
protection="All"
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
