Session timeout

Hi Barbara,

As for the setting long time for sessoin timeout's concerns, here are some
of my suggestions:

The SessionState is the serverside resource which is used to mantains datas
between mulit requests(since the web application is stateless and
request/response mode based) for a certain client user. And since in web
application, it's stateless and request/response based, that'll be hard for
the serverside to accurately control the lifecycle of each user's
sessionstate, so we need to set a timeout limitation, if the user 's
sessionstate has been idle longer than the value, the session will be
ended. So, if we set the timeout value too long, that means the serverside
will have to hold the useless session for a long time even if the user has
already left the web application without close browser. That's why
generally we won't set the timeout too long. IN addtion, in asp.net there
are different session mode to maintain the sessonState such as
Inprocess(store in the webserver's memory)
StateServer(store in a particular server's memory)
SQLServer Mode(store sessionState data in SQLServer)
Each of them has its own feature on performance: You may have a look in the
MSDN's reference:
#Session State
http://msdn.microsoft.com/library/en...ionstate.asp?f
rame=true

In addition, since using session is unavoidable, the most we can do is to
reduce the cost of Session on asp.net web page, we can disable session in
those pages which don't need it as much as possible. Following reference is
discussing on some steps we can take to imporve asp.net web application's
performance:

#Developing High-Performance ASP.NET Applications
http://msdn.microsoft.com/library/en...lopinghigh-per
formanceaspnetapplications.asp?frame=true

As for another question in your intial post ,I'm afraid, currently we
haven't any means to let the Session end when the client user minimize the
browser.

Please have a look at the above resources. Hope help. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Barb,

HI! Most likely this is going to depend on how many users you are supporting on the system. If it 20 or so then do it, I gather it's a internal application. I wouldn't host the application on a server that is hosting sites for the public sector though. What may be a better solution is write JS code that fires a post back every so often so the session never really expires. The Meta Refresh tag might work as well.

Another point of advice don't use the instate session management. I've never seen it work correctly even on Verios servers. What happens is that if you upload new project files or even if a Virus scanner scans any of the project files it causes the ASPNET process to restart it's self. This is very cute. Use state server you'll be happier with that.

-Calvin Luttrell
www.ProjectThunder.com

I wrote a asp.net app for a client to enter Purchase Requisitions for IT
purchases (using Session variables). The users want the session timeout to
be set to at least an hour because they are constantly interrupted when
entering PRs. I know I can change it in the web.config but is there any
cons to making the timeout that long or even longer?

Another question, can the timeout be programmatically changed based on the
user minimizing their IE window? They want no timeout if window minimized.

Hi Barbara,

Have you had a chance to check out the suggestions in my last reply or have
you got any further ideas on this issue? If you have anything unclear or if
there're anything else we can help, please feel free to post here. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx