Form Authentication Time Out and Session time Out

最新推荐文章于 2019-06-22 21:57:28 发布

riverlau

最新推荐文章于 2019-06-22 21:57:28 发布

阅读量911

点赞数

分类专栏： .NET

.NET 专栏收录该内容

87 篇文章

订阅专栏

Are you using Forms authentication?

Forms authentication uses it own value for timeout (30 min. by default). A forms authentication timeout will send the user to the login page with the session still active. This may look like the behavior your app gives when session times out making it easy to confuse one with the other.

<system.web>
    <authentication mode="Forms">
          <forms timeout="50"/>
    </authentication>

    <sessionState timeout="60"  />
</system.web>

Setting the forms timeout to something less than the session timeout can give the user a window in which to log back in without losing any session data.

One thing to be aware of when upgrading from ASP.NET V1.1 to V2.0 is that the forms authentication timeout value has changed to be 30 minutes by default. This means that after 30 minutes of inactivity, a user will be prompted to login again (note: everytime they hit the site the 30 minute window clock gets reset -- so it is only if they are idle that it will timeout).

If you want to change the timeout value to be longer, you can easily change the timeout value in your local web.config file (the timeout value is in minutes):

<system.web>
    <authentication mode="Forms">
          <forms timeout="50000000"/>
    </authentication>
</system.web>

Hope this helps,