form authentication time out less then what is set in web.config

[Guest]

we have a webapp using form authentication, and the time out is set at 120
minutes, so whenever a session is idle for > 120 minutes or so, it will make
the user sign in again.

This seems to be working okay on my developement machine (xp sp1) and on our
staging machine (win server 2003). However, on our production machine
(window 2000 server with latest SP). it times out some where between 20-30
minutes.

We are using sqlserver to store session state at all 3 places.

All 3 machine is running .net framework 1.1

The following are related lines from the web.config file.

<authentication mode="Forms">
<forms name="login" path="/" loginUrl="login.aspx" protection="All"
timeout="110">
<credentials passwordFormat="Clear">
</credentials>
</forms>
</authentication>


<sessionState mode="SQLServer"
stateConnectionString="tcpip=mystatserver.company.com:42424"
sqlConnectionString="data source=mystateserver.company.com;user
id=IDHERE;password=YAPPASSWORD" cookieless="false" timeout="120"/>

and the session time out setting on the IIS server is set to 120.

Are there other place I need to set in order for this to work?

TIA

Ben

 

[bruce barker]

if you use the sqlserver session manager, the session timeout is totally
controlled by the cookie, or the delete sessions stored proc deleteing the
session data (there is no end session). check the session cookie first.

-- bruce (sqlwork.com)