Windows Auth Problem

T

Tom Smit

We're having a problem where our application is timing out
after 60 minutes no matter what type of activity is
occuring. A user can be in the middle of a server call
and it will timeout after 60 minutes. This only occurs
with Windows authentication and not forms based.

We have the following in the web.config:

<authentication mode="Windows">
<forms loginUrl="Login.aspx" name="RiskLogin"
timeout="120" path="/">
</forms>
</authentication>

<sessionState mode="StateServer"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user
id=sa;password=" cookieless="false" timeout="120" />


Where is this 60 minute timeout coming from? Am i missing
something?
 
A

Andrew

Tom,

Here is a snippet from the machine.config file:

<authentication mode="Windows">
<!--
forms Attributes:
name="[cookie name]" - Name of the cookie used for Forms
Authentication
loginUrl="" - Url to redirect client to for Authentication
protection="[All|None|Encryption|Validation]" - Protection mode for
data in cookie
timeout="[minutes]" - Duration of time for cookie to be valid (reset
on each request)
path="/" - Sets the path for the cookie
requireSSL="[true|false]" - Should the forms-authentication cookie
be sent only over SSL
slidingExpiration="[true|false]" - Should the
forms-authentication-cookie and ticket be re-issued if they are about to
expire
-->
<forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All"
timeout="30" path="/" requireSSL="false" slidingExpiration="true"></forms>
</authentication>

I am not entirely positive about this, but you may try adding the
"slidingExpiration" attribute to your web.config file. It is supposed to
reissue the authentication cookie every time a request is sent to the
server...at least the way I understand what I read in the documentation.
You can set the "timeout" period to whatever you like, but the sliding
expiration keeps the session alive as long as someone is actively using it.
I think this is so you can have short timeout periods but not worry too much
about loosing your users.

Give it a shot, but I thought if nothing else it was woth a try. :)

-- Andrew
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Windows Auth. Timeout after 60 minutes 0
Forms auth / Location element 1
problem with slidingExpiration 4
Virtual Directory doesn't recognize auth ticket! 0
location path not functioning within web.config -- no images/css 0
ASP.NET Forms Authentication with Oracle Integrated Security 2
Sessions expire too soon 1
forms based authentication - ticket not expiring 0

Staff online

Members online

Total: 34 (members: 1, guests: 33)
Robots: 129

Forum statistics

Threads
473,773
Messages
2,569,594
Members
45,118
Latest member
LatishaWhy

Latest Threads

Top