Hi Mark,
thank you for your quick reaction. The session time-out and cokkie
expiration are both set to 1 hour, but sometimes it happens that after let's
say 15 minutes a request from a user has no session cookie attached.
I analyzed the IIS logs and I could see the user logging on and goiing
through the pages with the session cookie information attached to the GET.
But for some reason it sometimes happens that the client doesn't send this
session information which results in a logout.
Why should a browser decide not to send a session cookie although it is not
expired?
"Mark Monster" wrote:
Hello nico,
You can set the session time-out in web.config.
Regards,
Mark Monster
I store the authenticated user in a session cookie. This cookie
expires after an hour. Now for some reason sometimes the client
browser decides not to send the session cookie information with a new
request. This means the server receives a request without user
information and redirect the user to the login page.
Somebody any bright ideas?
TX!
best regards,
nico