Session Timeout isn't working correctly.

Discussion in 'ASP .Net' started by Mufasa, Jun 9, 2008.

  1. Mufasa

    Mufasa Guest

    Folks,
    I'm having problems with my session timeout. People using my website leave
    it just sitting there while they do other things. They have logged in (
    using Forms Authentication ) and will be doing other things will a page of
    mine is up on the screen. But the session times out so that when I try and
    use a session variable, it crashes saying Object reference not set to an
    instance of an object.

    So I put
    <sessionState timeout="4800" />

    in my web.config (I know it's ridicously long....)

    I went in to IIS and changed the Session timeout to 720.

    I stopped IIS and restarted it.

    I verified the setting in Session Timeout.

    I put on my page a print of the session timeout and it shows 4800.

    But people are still getting the error after 30 minutes.

    What am I missing? Do I want to disable Session State?

    TIA - Jeff.
    Mufasa, Jun 9, 2008
    #1
    1. Advertising

  2. Option 1: Set up a redirect on the page a minute or two less than session
    timeout. Redirect to logout.aspx and abandon the session there. Then, a user
    that walks away is logged out and cannot get the ASPX error. On the logout
    page have the message: "you have been logged out due to a timeout in your
    session, click here to log in again". Or you can duplicate the login box on
    that screen. Your choice.

    If you choose this option, you should also disable the back button. The
    easiest way is to set up JavaScript that pushes the person forward one page
    in history, so they are always on the page ahead of the page they are on.

    <script language="javascript">
    window.history.forward(1);
    </script>

    Option 2: Set up a friendly error page that says something like:

    There was an error in the application. One of the most common reasons is you
    were an idiot and walked away while you were filling out a form. If this is
    you, click here to log in again.

    Yes, the message was a joke, but you should get the idea. :)

    I would try option 1 first. It is friendlier and th

    --
    Gregory A. Beamer
    MVP, MCP: +I, SE, SD, DBA

    Subscribe to my blog
    http://gregorybeamer.spaces.live.com/lists/feed.rss

    or just read it:
    http://gregorybeamer.spaces.live.com/

    ********************************************
    | Think outside the box! |
    ********************************************
    "Mufasa" <> wrote in message
    news:%...
    > Folks,
    > I'm having problems with my session timeout. People using my website leave
    > it just sitting there while they do other things. They have logged in (
    > using Forms Authentication ) and will be doing other things will a page of
    > mine is up on the screen. But the session times out so that when I try and
    > use a session variable, it crashes saying Object reference not set to an
    > instance of an object.
    >
    > So I put
    > <sessionState timeout="4800" />
    >
    > in my web.config (I know it's ridicously long....)
    >
    > I went in to IIS and changed the Session timeout to 720.
    >
    > I stopped IIS and restarted it.
    >
    > I verified the setting in Session Timeout.
    >
    > I put on my page a print of the session timeout and it shows 4800.
    >
    > But people are still getting the error after 30 minutes.
    >
    > What am I missing? Do I want to disable Session State?
    >
    > TIA - Jeff.
    >
    >
    Cowboy \(Gregory A. Beamer\), Jun 9, 2008
    #2
    1. Advertising

  3. Mufasa

    Mufasa Guest

    Your missing the point. I want to make the session last longer.

    I already have it where if the session times out it goes to the login page.
    I want the session to last longer.

    J.

    "Cowboy (Gregory A. Beamer)" <> wrote in
    message news:...
    > Option 1: Set up a redirect on the page a minute or two less than session
    > timeout. Redirect to logout.aspx and abandon the session there. Then, a
    > user that walks away is logged out and cannot get the ASPX error. On the
    > logout page have the message: "you have been logged out due to a timeout
    > in your session, click here to log in again". Or you can duplicate the
    > login box on that screen. Your choice.
    >
    > If you choose this option, you should also disable the back button. The
    > easiest way is to set up JavaScript that pushes the person forward one
    > page in history, so they are always on the page ahead of the page they are
    > on.
    >
    > <script language="javascript">
    > window.history.forward(1);
    > </script>
    >
    > Option 2: Set up a friendly error page that says something like:
    >
    > There was an error in the application. One of the most common reasons is
    > you were an idiot and walked away while you were filling out a form. If
    > this is you, click here to log in again.
    >
    > Yes, the message was a joke, but you should get the idea. :)
    >
    > I would try option 1 first. It is friendlier and th
    >
    > --
    > Gregory A. Beamer
    > MVP, MCP: +I, SE, SD, DBA
    >
    > Subscribe to my blog
    > http://gregorybeamer.spaces.live.com/lists/feed.rss
    >
    > or just read it:
    > http://gregorybeamer.spaces.live.com/
    >
    > ********************************************
    > | Think outside the box! |
    > ********************************************
    > "Mufasa" <> wrote in message
    > news:%...
    >> Folks,
    >> I'm having problems with my session timeout. People using my website
    >> leave it just sitting there while they do other things. They have logged
    >> in ( using Forms Authentication ) and will be doing other things will a
    >> page of mine is up on the screen. But the session times out so that when
    >> I try and use a session variable, it crashes saying Object reference not
    >> set to an instance of an object.
    >>
    >> So I put
    >> <sessionState timeout="4800" />
    >>
    >> in my web.config (I know it's ridicously long....)
    >>
    >> I went in to IIS and changed the Session timeout to 720.
    >>
    >> I stopped IIS and restarted it.
    >>
    >> I verified the setting in Session Timeout.
    >>
    >> I put on my page a print of the session timeout and it shows 4800.
    >>
    >> But people are still getting the error after 30 minutes.
    >>
    >> What am I missing? Do I want to disable Session State?
    >>
    >> TIA - Jeff.
    >>
    >>

    >
    Mufasa, Jun 9, 2008
    #3
  4. Mufasa

    bruce barker Guest

    asp.net has an idle timeout. if the site is not used in the timeout (usually
    20 minutes) then it cycles down losing session. you can increase the idle
    timeout with iis under app pool settings.

    you should also handle a lost session with code, as there can be many causes
    of a recycle.


    -- bruce (sqlwork.com)


    "Mufasa" wrote:

    > Folks,
    > I'm having problems with my session timeout. People using my website leave
    > it just sitting there while they do other things. They have logged in (
    > using Forms Authentication ) and will be doing other things will a page of
    > mine is up on the screen. But the session times out so that when I try and
    > use a session variable, it crashes saying Object reference not set to an
    > instance of an object.
    >
    > So I put
    > <sessionState timeout="4800" />
    >
    > in my web.config (I know it's ridicously long....)
    >
    > I went in to IIS and changed the Session timeout to 720.
    >
    > I stopped IIS and restarted it.
    >
    > I verified the setting in Session Timeout.
    >
    > I put on my page a print of the session timeout and it shows 4800.
    >
    > But people are still getting the error after 30 minutes.
    >
    > What am I missing? Do I want to disable Session State?
    >
    > TIA - Jeff.
    >
    >
    >
    bruce barker, Jun 9, 2008
    #4
  5. re:
    !> I want to make the session last longer.

    Write a meta tag which refreshes the page 5 minutes before your session timeout.

    If you are timing out your sessions at 20 minutes, use this meta tag :

    <meta http-equiv="refresh" content="900">

    That tag will auto-refresh the page every 15 minutes,
    extending your session and keeping your session variables intact.

    content="xxx" is a property measured in seconds.
    Set the number of seconds to refresh your pages to whatever you feel is convenient.

    The only quid pro quo is that it should be a lesser number
    of seconds than what your session timeout is configured for.




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ======================================
    "Mufasa" <> wrote in message news:...
    > Your missing the point. I want to make the session last longer.
    >
    > I already have it where if the session times out it goes to the login page. I want the session to last longer.
    >
    > J.
    >
    > "Cowboy (Gregory A. Beamer)" <> wrote in message
    > news:...
    >> Option 1: Set up a redirect on the page a minute or two less than session timeout. Redirect to logout.aspx and
    >> abandon the session there. Then, a user that walks away is logged out and cannot get the ASPX error. On the logout
    >> page have the message: "you have been logged out due to a timeout in your session, click here to log in again". Or
    >> you can duplicate the login box on that screen. Your choice.
    >>
    >> If you choose this option, you should also disable the back button. The easiest way is to set up JavaScript that
    >> pushes the person forward one page in history, so they are always on the page ahead of the page they are on.
    >>
    >> <script language="javascript">
    >> window.history.forward(1);
    >> </script>
    >>
    >> Option 2: Set up a friendly error page that says something like:
    >>
    >> There was an error in the application. One of the most common reasons is you were an idiot and walked away while you
    >> were filling out a form. If this is you, click here to log in again.
    >>
    >> Yes, the message was a joke, but you should get the idea. :)
    >>
    >> I would try option 1 first. It is friendlier and th
    >>
    >> --
    >> Gregory A. Beamer
    >> MVP, MCP: +I, SE, SD, DBA
    >>
    >> Subscribe to my blog
    >> http://gregorybeamer.spaces.live.com/lists/feed.rss
    >>
    >> or just read it:
    >> http://gregorybeamer.spaces.live.com/
    >>
    >> ********************************************
    >> | Think outside the box! |
    >> ********************************************
    >> "Mufasa" <> wrote in message news:%...
    >>> Folks,
    >>> I'm having problems with my session timeout. People using my website leave it just sitting there while they do other
    >>> things. They have logged in ( using Forms Authentication ) and will be doing other things will a page of mine is up
    >>> on the screen. But the session times out so that when I try and use a session variable, it crashes saying Object
    >>> reference not set to an instance of an object.
    >>>
    >>> So I put
    >>> <sessionState timeout="4800" />
    >>>
    >>> in my web.config (I know it's ridicously long....)
    >>>
    >>> I went in to IIS and changed the Session timeout to 720.
    >>>
    >>> I stopped IIS and restarted it.
    >>>
    >>> I verified the setting in Session Timeout.
    >>>
    >>> I put on my page a print of the session timeout and it shows 4800.
    >>>
    >>> But people are still getting the error after 30 minutes.
    >>>
    >>> What am I missing? Do I want to disable Session State?
    >>>
    >>> TIA - Jeff.
    >>>
    >>>

    >>

    >
    >
    Juan T. Llibre, Jun 9, 2008
    #5
  6. Mufasa

    Mufasa Guest

    So what everybody is telling me is there is no way to permanently change the
    session timeout.

    Even though it looks like it's setable it doesn't actually work.....


    "Juan T. Llibre" <> wrote in message
    news:...
    > re:
    > !> I want to make the session last longer.
    >
    > Write a meta tag which refreshes the page 5 minutes before your session
    > timeout.
    >
    > If you are timing out your sessions at 20 minutes, use this meta tag :
    >
    > <meta http-equiv="refresh" content="900">
    >
    > That tag will auto-refresh the page every 15 minutes,
    > extending your session and keeping your session variables intact.
    >
    > content="xxx" is a property measured in seconds.
    > Set the number of seconds to refresh your pages to whatever you feel is
    > convenient.
    >
    > The only quid pro quo is that it should be a lesser number
    > of seconds than what your session timeout is configured for.
    >
    >
    >
    >
    > Juan T. Llibre, asp.net MVP
    > asp.net faq : http://asp.net.do/faq/
    > foros de asp.net, en español : http://asp.net.do/foros/
    > ======================================
    > "Mufasa" <> wrote in message
    > news:...
    >> Your missing the point. I want to make the session last longer.
    >>
    >> I already have it where if the session times out it goes to the login
    >> page. I want the session to last longer.
    >>
    >> J.
    >>
    >> "Cowboy (Gregory A. Beamer)" <> wrote in
    >> message news:...
    >>> Option 1: Set up a redirect on the page a minute or two less than
    >>> session timeout. Redirect to logout.aspx and abandon the session there.
    >>> Then, a user that walks away is logged out and cannot get the ASPX
    >>> error. On the logout page have the message: "you have been logged out
    >>> due to a timeout in your session, click here to log in again". Or you
    >>> can duplicate the login box on that screen. Your choice.
    >>>
    >>> If you choose this option, you should also disable the back button. The
    >>> easiest way is to set up JavaScript that pushes the person forward one
    >>> page in history, so they are always on the page ahead of the page they
    >>> are on.
    >>>
    >>> <script language="javascript">
    >>> window.history.forward(1);
    >>> </script>
    >>>
    >>> Option 2: Set up a friendly error page that says something like:
    >>>
    >>> There was an error in the application. One of the most common reasons is
    >>> you were an idiot and walked away while you were filling out a form. If
    >>> this is you, click here to log in again.
    >>>
    >>> Yes, the message was a joke, but you should get the idea. :)
    >>>
    >>> I would try option 1 first. It is friendlier and th
    >>>
    >>> --
    >>> Gregory A. Beamer
    >>> MVP, MCP: +I, SE, SD, DBA
    >>>
    >>> Subscribe to my blog
    >>> http://gregorybeamer.spaces.live.com/lists/feed.rss
    >>>
    >>> or just read it:
    >>> http://gregorybeamer.spaces.live.com/
    >>>
    >>> ********************************************
    >>> | Think outside the box! |
    >>> ********************************************
    >>> "Mufasa" <> wrote in message
    >>> news:%...
    >>>> Folks,
    >>>> I'm having problems with my session timeout. People using my website
    >>>> leave it just sitting there while they do other things. They have
    >>>> logged in ( using Forms Authentication ) and will be doing other things
    >>>> will a page of mine is up on the screen. But the session times out so
    >>>> that when I try and use a session variable, it crashes saying Object
    >>>> reference not set to an instance of an object.
    >>>>
    >>>> So I put
    >>>> <sessionState timeout="4800" />
    >>>>
    >>>> in my web.config (I know it's ridicously long....)
    >>>>
    >>>> I went in to IIS and changed the Session timeout to 720.
    >>>>
    >>>> I stopped IIS and restarted it.
    >>>>
    >>>> I verified the setting in Session Timeout.
    >>>>
    >>>> I put on my page a print of the session timeout and it shows 4800.
    >>>>
    >>>> But people are still getting the error after 30 minutes.
    >>>>
    >>>> What am I missing? Do I want to disable Session State?
    >>>>
    >>>> TIA - Jeff.
    >>>>
    >>>>
    >>>

    >>
    >>

    >
    >
    Mufasa, Jun 9, 2008
    #6
  7. re:
    !> there is no way to permanently change the session timeout

    Of course there is, but that isn't what you asked, is it ?

    I think that what you want to do is extend the
    *Forms Authentication* timeout, and not the Session timeout.

    When you use Forms Authentication, the ASP.NET session timeout doesn't much matter.
    "Forms Authentication" timeout and "Session" timeout are two different animals.

    Change the Forms Authentication timeout in web.config :

    <authentication mode="Forms">
    <forms name=".NAME" loginUrl="Login.aspx" protection="All" timeout="20" path="/" slidingExpiration="true">
    </forms>
    </authentication>

    Set the "timeout" property to whatever length of time you need.




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ======================================

    "Mufasa" <> wrote in message news:...
    > So what everybody is telling me is there is no way to permanently change the session timeout.
    >
    > Even though it looks like it's setable it doesn't actually work.....
    >
    >
    > "Juan T. Llibre" <> wrote in message news:...
    >> re:
    >> !> I want to make the session last longer.
    >>
    >> Write a meta tag which refreshes the page 5 minutes before your session timeout.
    >>
    >> If you are timing out your sessions at 20 minutes, use this meta tag :
    >>
    >> <meta http-equiv="refresh" content="900">
    >>
    >> That tag will auto-refresh the page every 15 minutes,
    >> extending your session and keeping your session variables intact.
    >>
    >> content="xxx" is a property measured in seconds.
    >> Set the number of seconds to refresh your pages to whatever you feel is convenient.
    >>
    >> The only quid pro quo is that it should be a lesser number
    >> of seconds than what your session timeout is configured for.
    >>
    >>
    >>
    >>
    >> Juan T. Llibre, asp.net MVP
    >> asp.net faq : http://asp.net.do/faq/
    >> foros de asp.net, en español : http://asp.net.do/foros/
    >> ======================================
    >> "Mufasa" <> wrote in message news:...
    >>> Your missing the point. I want to make the session last longer.
    >>>
    >>> I already have it where if the session times out it goes to the login page. I want the session to last longer.
    >>>
    >>> J.
    >>>
    >>> "Cowboy (Gregory A. Beamer)" <> wrote in message
    >>> news:...
    >>>> Option 1: Set up a redirect on the page a minute or two less than session timeout. Redirect to logout.aspx and
    >>>> abandon the session there. Then, a user that walks away is logged out and cannot get the ASPX error. On the logout
    >>>> page have the message: "you have been logged out due to a timeout in your session, click here to log in again". Or
    >>>> you can duplicate the login box on that screen. Your choice.
    >>>>
    >>>> If you choose this option, you should also disable the back button. The easiest way is to set up JavaScript that
    >>>> pushes the person forward one page in history, so they are always on the page ahead of the page they are on.
    >>>>
    >>>> <script language="javascript">
    >>>> window.history.forward(1);
    >>>> </script>
    >>>>
    >>>> Option 2: Set up a friendly error page that says something like:
    >>>>
    >>>> There was an error in the application. One of the most common reasons is you were an idiot and walked away while
    >>>> you were filling out a form. If this is you, click here to log in again.
    >>>>
    >>>> Yes, the message was a joke, but you should get the idea. :)
    >>>>
    >>>> I would try option 1 first. It is friendlier and th
    >>>>
    >>>> --
    >>>> Gregory A. Beamer
    >>>> MVP, MCP: +I, SE, SD, DBA
    >>>>
    >>>> Subscribe to my blog
    >>>> http://gregorybeamer.spaces.live.com/lists/feed.rss
    >>>>
    >>>> or just read it:
    >>>> http://gregorybeamer.spaces.live.com/
    >>>>
    >>>> ********************************************
    >>>> | Think outside the box! |
    >>>> ********************************************
    >>>> "Mufasa" <> wrote in message news:%...
    >>>>> Folks,
    >>>>> I'm having problems with my session timeout. People using my website leave it just sitting there while they do
    >>>>> other things. They have logged in ( using Forms Authentication ) and will be doing other things will a page of
    >>>>> mine is up on the screen. But the session times out so that when I try and use a session variable, it crashes
    >>>>> saying Object reference not set to an instance of an object.
    >>>>>
    >>>>> So I put
    >>>>> <sessionState timeout="4800" />
    >>>>>
    >>>>> in my web.config (I know it's ridicously long....)
    >>>>>
    >>>>> I went in to IIS and changed the Session timeout to 720.
    >>>>>
    >>>>> I stopped IIS and restarted it.
    >>>>>
    >>>>> I verified the setting in Session Timeout.
    >>>>>
    >>>>> I put on my page a print of the session timeout and it shows 4800.
    >>>>>
    >>>>> But people are still getting the error after 30 minutes.
    >>>>>
    >>>>> What am I missing? Do I want to disable Session State?
    >>>>>
    >>>>> TIA - Jeff.
    Juan T. Llibre, Jun 9, 2008
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    518
  2. interpim

    Why isn't this working correctly?

    interpim, Dec 17, 2003, in forum: C Programming
    Replies:
    29
    Views:
    729
    Mark McIntyre
    Dec 17, 2003
  3. Replies:
    17
    Views:
    483
    Puppet_Sock
    Dec 12, 2005
  4. =?Utf-8?B?Um9iSEs=?=
    Replies:
    4
    Views:
    5,247
    =?Utf-8?B?Um9iSEs=?=
    Apr 11, 2007
  5. Mark Probert

    Timeout::timeout and Socket timeout

    Mark Probert, Oct 6, 2004, in forum: Ruby
    Replies:
    1
    Views:
    1,263
    Brian Candler
    Oct 6, 2004
Loading...

Share This Page