Web.config timeout

Discussion in 'ASP .Net Security' started by LisaConsult, Nov 1, 2004.

  1. LisaConsult

    LisaConsult Guest

    The user has indicated that the application seems to be kicking her out, even
    though she is sure that she is submitting a form faster than every 30
    minutes. I thought that I had set the Web.Config on the ASP.NET application
    to time out after 30 minutes of inactivity, but maybe I don't have something
    set up correctly. Here's the basis of my Web.Config (stripped down without
    comments):

    <?xml version="1.0" encoding="UTF-8" ?>
    <configuration>
    <appSettings>
    <add key="ConnectionString" value="User ID=userid;Initial
    Catalog=dbname;Data Source=servername.net;password=userpassword" />
    </appSettings>

    <location path="ForgotPswd.aspx"><system.web><authorization><allow
    users="*" /></authorization></system.web></location>

    <system.web>
    <sessionState mode="InProc"
    timeout="30" />
    <compilation debug="true"/>
    <customErrors mode="Off"/>

    <authentication mode="Forms">

    <forms name=".ASPXAUTH"
    loginUrl="login.aspx" />
    </authentication>

    <authorization>
    <deny users="?" />
    </authorization>
    </system.web>
    </configuration>

    Additionally, I have this in the Page_Load of the web page:
    Response.AddHeader("Pragma", "no-cache")
    Response.Expires = -1
    Response.Expiresabsolute = Now().Subtract(New TimeSpan(1, 0, 0, 0))
    Response.CacheControl = "no-cache"

    Do you see any reason why it would expire unless they truly had 30 minutes
    of no activity submitted to the server? Is there anything wrong here?
    Thanks.
     
    LisaConsult, Nov 1, 2004
    #1
    1. Advertising

  2. LisaConsult

    [MSFT] Guest

    The <forms> element also has an attribute "Timeout", you may set it to a
    large to see if it will help. Or you may consider use Persistent cookies
    cookie for the form authentication.

    Hope this help,

    Luke
     
    [MSFT], Nov 2, 2004
    #2
    1. Advertising

  3. LisaConsult

    LisaConsult Guest

    But, please help me to understand, what would be kicking the user out of the
    session if they were sending information to the server and everything below
    looks fine? What would cause the session to be lost. The user assures me
    that when this occurs it's about 1-2 minutes per submission, not 30 minutes.
    We currently don't want to go the cookie route.

    "[MSFT]" wrote:

    > The <forms> element also has an attribute "Timeout", you may set it to a
    > large to see if it will help. Or you may consider use Persistent cookies
    > cookie for the form authentication.
    >
    > Hope this help,
    >
    > Luke
    >
    >
     
    LisaConsult, Nov 2, 2004
    #3
  4. LisaConsult

    [MSFT] Guest

    Hello,

    Since you use Forms authentication, a cookie will be sent to client,
    indicating the user has been authenticated. If this is timeout (not the
    session), the user will be redirect to the login in page if they request to
    server.

    Luke
     
    [MSFT], Nov 3, 2004
    #4
  5. LisaConsult

    LisaConsult Guest

    I just found out that this web app was moved from a Win2K server to a Win2003
    server last week. This is when the problem began occuring, is there a
    difference between the OSs which would cause this? Thanks.

    "[MSFT]" wrote:

    > Hello,
    >
    > Since you use Forms authentication, a cookie will be sent to client,
    > indicating the user has been authenticated. If this is timeout (not the
    > session), the user will be redirect to the login in page if they request to
    > server.
    >
    > Luke
    >
    >
     
    LisaConsult, Nov 3, 2004
    #5
  6. LisaConsult

    [MSFT] Guest

    Generally speaking, Windows 2000 works with IIS 5.0 and Windows server 2003
    with IIS 6.0 and .NET framework 1.1. There are many differences between
    them. Besides, the two computers may have different machine.config and
    security settings. I suggest you may first try to set the timeout value for
    forms authentication, and see if this can fix the problem. If not, we can
    go to see other issues related.

    Luke
     
    [MSFT], Nov 4, 2004
    #6
  7. LisaConsult

    LisaConsult Guest

    I apologize for the lack of mentioning it. I did place a Timeout in the
    Web.Config like this:
    <authentication mode="Forms">
    <forms name=".ASPXAUTH"
    loginUrl="PAE/login.aspx" />
    </authentication>

    The user is still getting kicked out of the system. The odd thing is that
    it's sporadic. She can get kicked out 5 times in 7 hours or 1 time in 5
    minutes with no real consistency about it. It is not always in the same
    screen either. Thanks for your continued assistance.

    "[MSFT]" wrote:

    > Generally speaking, Windows 2000 works with IIS 5.0 and Windows server 2003
    > with IIS 6.0 and .NET framework 1.1. There are many differences between
    > them. Besides, the two computers may have different machine.config and
    > security settings. I suggest you may first try to set the timeout value for
    > forms authentication, and see if this can fix the problem. If not, we can
    > go to see other issues related.
    >
    > Luke
    >
    >
     
    LisaConsult, Nov 4, 2004
    #7
  8. LisaConsult

    [MSFT] Guest

    What is the value you set for form authenttication?

    <authentication mode="Forms">
    <forms name=".ASPXAUTH"
    loginUrl="PAE/login.aspx" />
    </authentication>

    And, is the only user who encounter the problem? If so, did she have any
    proxy/firewall between her and the server? Any, any antivirus software
    installed?

    Luke
     
    [MSFT], Nov 5, 2004
    #8
  9. LisaConsult

    LisaConsult Guest

    <authentication mode="Forms">
    <forms name=".ASPXAUTH"
    loginUrl="PAE/login.aspx"
    timeout="20"/>
    </authentication>

    Currently there is only one consistent user within the organization.
    Because the system is in Beta, there are currently no other users. The
    application is hosted by an outside host provider. They are going through a
    firewall and they do have norton antivirus software installed.

    "[MSFT]" wrote:

    > What is the value you set for form authenttication?
    >
    > <authentication mode="Forms">
    > <forms name=".ASPXAUTH"
    > loginUrl="PAE/login.aspx" />
    > </authentication>
    >
    > And, is the only user who encounter the problem? If so, did she have any
    > proxy/firewall between her and the server? Any, any antivirus software
    > installed?
    >
    > Luke
    >
    >
    >
    >
     
    LisaConsult, Nov 5, 2004
    #9
  10. LisaConsult

    [MSFT] Guest

    Since the problem was sporadic, it looks to me that it is a configration
    issue. The timeout settings are fixed and won't be random. Based on my
    experience, it may be a problem related to the outside host provider. I
    suggest you may contact them, and ask if they have found such an issue fore
    other clients. Especially, for session and cookie.

    Luke
     
    [MSFT], Nov 8, 2004
    #10
  11. LisaConsult

    [MSFT] Guest

    Hello,

    Any progress? Did the outside host provider give some suggstions on this
    issue?

    Luke
     
    [MSFT], Nov 10, 2004
    #11
  12. By the look of it, this web.config must be a config file in a sub
    folder. I presume so because of the <location path=> attribute. If this
    is so, change the root web.config file.


    with regards,


    J.V.Ravichandran
    - http://www.geocities.com/
    jvravichandran
    - http://www.411asp.net/func/search?
    qry=Ravichandran+J.V.&cob=aspnetpro
    - http://www.southasianoutlook.com
    - http://www.MSDNAA.Net
    - http://www.csharphelp.com
    - http://www.poetry.com/Publications/
    display.asp?ID=P3966388&BN=999&PN=2
    - Or, just search on "J.V.Ravichandran"
    at http://www.Google.com

    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Ravichandran J.V., Nov 10, 2004
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Do
    Replies:
    2
    Views:
    6,383
  2. Benny Ng
    Replies:
    9
    Views:
    9,986
    Benny Ng
    Oct 13, 2005
  3. Siegfried Heintze
    Replies:
    2
    Views:
    15,034
  4. CSharpner
    Replies:
    0
    Views:
    1,050
    CSharpner
    Apr 9, 2007
  5. Mark Probert

    Timeout::timeout and Socket timeout

    Mark Probert, Oct 6, 2004, in forum: Ruby
    Replies:
    1
    Views:
    1,293
    Brian Candler
    Oct 6, 2004
Loading...

Share This Page