Cannot set timeout with asp.net 1.1 over than 20 minutes

Hallo to the group,

my question is this: where i have to set timeout in a web application?
If i set into sessionState with property Timeout="60", after 20
minutes the session is over. Always after 20 minutes, i cannot set a
timeout greater than 20 minutes.

Our configuration is the following:
- Server with Win2003, i.e. IIS 6.0
- Web application developed with vb.net simply composed by:
- login.aspx (only one button that make setAuthCookie)
- home.aspx: label showing the time of the last postback and a
button to make a postback.
- session_timeout.aspx: just to show that the session is over
- a class from which our pages are inherited; that class permit to
check when a new session is started and redirect to
session_timeout.aspx. The only method in our class is:
Protected Overrides Sub OnInit(ByVal e As EventArgs)
MyBase.OnInit(e)
If Session.IsNewSession Then
Dim cookie_header As String = Request.Headers("Cookie")
If Not cookie_header Is Nothing AndAlso
cookie_header.IndexOf("ASP.NET_SessionId") >= 0 Then
Response.Redirect("session_timeout.aspx")
End If
End If
end sub
- web.config with:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".TESTCOOKIE" timeout="480"/>
</authentication>
.....
<authorization>
<deny users="?" />
</authorization>
.....
<sessionState mode="InProc" cookieless="false" timeout="60" />

Setting home.aspx to be the start page, i get first the login.aspx
and, after a click on the "stupid login button", i get the home.aspx.
I try to click to the "postback" button after 20 minutes, and the
application show me the session_timeout.aspx

Please help me...
Thanks in advance

check the idleTimeout setting. inproc sessions are lost when asp.net
recycles.

Hallo to the group,

my question is this: where i have to set timeout in a web application?
If i set into sessionState with property Timeout="60", after 20
minutes the session is over. Always after 20 minutes, i cannot set a
timeout greater than 20 minutes.

Our configuration is the following:
- Server with Win2003, i.e. IIS 6.0
- Web application developed with vb.net simply composed by:
- login.aspx (only one button that make setAuthCookie)
- home.aspx: label showing the time of the last postback and a
button to make a postback.
- session_timeout.aspx: just to show that the session is over
- a class from which our pages are inherited; that class permit to
check when a new session is started and redirect to
session_timeout.aspx. The only method in our class is:
Protected Overrides Sub OnInit(ByVal e As EventArgs)
MyBase.OnInit(e)
If Session.IsNewSession Then
Dim cookie_header As String = Request.Headers("Cookie")
If Not cookie_header Is Nothing AndAlso
cookie_header.IndexOf("ASP.NET_SessionId") >= 0 Then
Response.Redirect("session_timeout.aspx")
End If
End If
end sub
- web.config with:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".TESTCOOKIE" timeout="480"/>
</authentication>
.....
<authorization>
<deny users="?" />
</authorization>
.....
<sessionState mode="InProc" cookieless="false" timeout="60" />

Setting home.aspx to be the start page, i get first the login.aspx
and, after a click on the "stupid login button", i get the home.aspx.
I try to click to the "postback" button after 20 minutes, and the
application show me the session_timeout.aspx

Please help me...
Thanks in advance

re:
!I cannot set a timeout greater than 20 minutes.

Session timeout and forms authentication timeout are two different things.

A session will last for as long a period as you set in <sessionstate...>

A period of time for your app to remember your login parameters is different.
That's set in the forms timeout property.

ASP.NET membership doesn't need for a session to be active
in order to remember whether your membership parameters are active.

One of those parameters is the time for the app
to remember whether you're logged in or not.

You can choose to base your app on the length of the session,
or on the time needed for your login to expire.

If you're using forms authentication, modify the forms authentication timeout :

<forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All" timeout="30" path="/"
requireSSL="false" slidingExpiration="true">


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"Masso" <ma************@gmail.comwrote in message
news:11*********************@e65g2000hsc.googlegro ups.com...

>Hallo to the group,

my question is this: where i have to set timeout in a web application?
If i set into sessionState with property Timeout="60", after 20
minutes the session is over. Always after 20 minutes, i cannot set a
timeout greater than 20 minutes.

Our configuration is the following:
- Server with Win2003, i.e. IIS 6.0
- Web application developed with vb.net simply composed by:
- login.aspx (only one button that make setAuthCookie)
- home.aspx: label showing the time of the last postback and a
button to make a postback.
- session_timeout.aspx: just to show that the session is over
- a class from which our pages are inherited; that class permit to
check when a new session is started and redirect to
session_timeout.aspx. The only method in our class is:
Protected Overrides Sub OnInit(ByVal e As EventArgs)
MyBase.OnInit(e)
If Session.IsNewSession Then
Dim cookie_header As String = Request.Headers("Cookie")
If Not cookie_header Is Nothing AndAlso
cookie_header.IndexOf("ASP.NET_SessionId") >= 0 Then
Response.Redirect("session_timeout.aspx")
End If
End If
end sub
- web.config with:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".TESTCOOKIE" timeout="480"/>
</authentication>
.....
<authorization>
<deny users="?" />
</authorization>
.....
<sessionState mode="InProc" cookieless="false" timeout="60" />

Setting home.aspx to be the start page, i get first the login.aspx
and, after a click on the "stupid login button", i get the home.aspx.
I try to click to the "postback" button after 20 minutes, and the
application show me the session_timeout.aspx

Please help me...
Thanks in advance

Adding to this reply:

You're using :
<forms loginUrl="login.aspx" name=".TESTCOOKIE" timeout="480"/>
</authentication>

You should add slidingExpiration="true" :

<forms loginUrl="login.aspx" name=".TESTCOOKIE" timeout="30" slidingExpiration="true"/>
</authentication>

btw, are you sure you want to set the expiration to 8 *hours* ?

There's lots of background info on forms authentication parameters at :

http://support.microsoft.com/kb/910443

...and here's a link which shows you how to troubleshoot forms authentication:

http://support.microsoft.com/kb/910439/

Juan T. Llibre, asp.net MVP
asp.net faq :http://asp.net.do/faq/
foros de asp.net, en español :http://asp.net.do/foros/
===================================
"Juan T. Llibre" <nomailrepl...@nowhere.comwrote in messagenews:%2****************@TK2MSFTNGP06.phx.gb l...

re:
!I cannot set a timeout greater than 20 minutes.

Session timeout and forms authentication timeout are two different things.

A session will last for as long a period as you set in <sessionstate...>

A period of time for your app to remember your login parameters is different.
That's set in the forms timeout property.

ASP.NET membership doesn't need for a session to be active
in order to remember whether your membership parameters are active.

One of those parameters is the time for the app
to remember whether you're logged in or not.

You can choose to base your app on the length of the session,
or on the time needed for your login to expire.

If you're using forms authentication, modify the forms authentication timeout :

<forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All" timeout="30" path="/"
requireSSL="false" slidingExpiration="true">

Juan T. Llibre, asp.net MVP
asp.net faq :http://asp.net.do/faq/
foros de asp.net, en español :http://asp.net.do/foros/
===================================
"Masso" <massimo.pol...@gmail.comwrote in message
news:11*********************@e65g2000hsc.googlegro ups.com...

Hallo to the group,

my question is this: where i have to set timeout in a web application?
If i set into sessionState with property Timeout="60", after 20
minutes the session is over. Always after 20 minutes, i cannot set a
timeout greater than 20 minutes.

Our configuration is the following:
- Server with Win2003, i.e. IIS 6.0
- Web application developed with vb.net simply composed by:
- login.aspx (only one button that make setAuthCookie)
- home.aspx: label showing the time of the last postback and a
button to make a postback.
- session_timeout.aspx: just to show that the session is over
- a class from which our pages are inherited; that class permit to
check when a new session is started and redirect to
session_timeout.aspx. The only method in our class is:
Protected Overrides Sub OnInit(ByVal e As EventArgs)
MyBase.OnInit(e)
If Session.IsNewSession Then
Dim cookie_header As String = Request.Headers("Cookie")
If Not cookie_header Is Nothing AndAlso
cookie_header.IndexOf("ASP.NET_SessionId") >= 0 Then
Response.Redirect("session_timeout.aspx")
End If
End If
end sub
- web.config with:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".TESTCOOKIE" timeout="480"/>
</authentication>
.....
<authorization>
<deny users="?" />
</authorization>
.....
<sessionState mode="InProc" cookieless="false" timeout="60" />

Setting home.aspx to be the start page, i get first the login.aspx
and, after a click on the "stupid login button", i get the home.aspx.
I try to click to the "postback" button after 20 minutes, and the
application show me the session_timeout.aspx

Please help me...
Thanks in advance