You are here:

C#/Session State Timeout

Advertisement


Question
QUESTION: Hi,
I am developing asp.net WebApplication. And my client wants that application never logout itself. When he click logout then only app should be logout. So, I set timeout to 525600 which means 1 year. Like this:

<system.web>
   <compilation debug="true" targetFramework="4.0" />
   <sessionState timeout="525600"></sessionState>
</system.web>

Now, when i tested it on my local computer it works fine and never logout. But when i published it on server it is not working. It is logging out after 10 min approx.
Even I changed in CPanel asp.net settings to the same. Still it is not working.

Help me if u have any idea about it.
Thanx.

ANSWER: Hi there,

That's a very big mistake that consumes your RAM very quickly. The reason of 10 min. limit is IIS idle timeout. IIS automatically shuts down applications which stay idle for a period of time to clean up RAM.
See technet.microsoft.com to learn how to change this setting.

HOWEVER this is completely wrong approach as I said at first. The algorithm of infinite login should be created by using cookies. When a user logs in, create a hash string and save it in your database and also as a cookie which the expiration date is set to a very big value. When user opens your website, where-ever you check user login, firstly check the hash from cookie. If it exists in database set that user as logged-in without asking credentials.

Hope that helps,

Murat

---------- FOLLOW-UP ----------

QUESTION: Hi,
Thanx for help.

Yes, This is a good option. But there is a query. I have not checked on server but if user close browser directly (without logout) or user pc shutdown unexpectedly (for any reason) at that time I want to clear cookies. So, next time when user start application it should ask for login. Because if i close browser and start it again then it will directly fetch data from cookie.

I hope it is possible.

Answer
Hi back,

"When he click logout then only app should be logout."
This was your only condition to logout that's why I advised you using cookies. If you want him to stay logged in only for that session without time limit, you have to go with the option 1 that I told you, setting IIS idle timeout to a big value.

Hope that helps,

Murat

C#

All Answers


Answers by Expert:


Ask Experts

Volunteer


Murat Mehmet

Expertise

I can help with questions about desktop and web programming in C#, including SOAP, XML, database managing, custom controls, security etc.

Experience

I have been developing web and especially desktop applications in C# and VB.Net for almost 5 years. My programming life has begun with VB6 long time ago, so its about 8 years that I am in this business.

Organizations
Was in R & D for 2 years in a popular Turkish technology website: cyber-warrior.com

Education/Credentials
2011 Computer Engineering graduation in University of Trakia in Turkey.

©2016 About.com. All rights reserved.