Forms timeout, Session timeout

Discussion in 'ASP .Net' started by gnewsgroup, Apr 21, 2008.

  1. gnewsgroup

    gnewsgroup Guest

    I think I understand the difference between forms authentication
    timeout and the sessionstate timeout. That said, they are giving me
    headache.

    I have a simple test application using Forms authentication.

    In my web.config I have:

    <authentication mode="Forms">
    <forms loginUrl="Default.aspx" protection="All" timeout="2"
    name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true"
    defaultUrl="Default2.aspx" cookieless="UseDeviceProfile"
    enableCrossAppRedirects="false"/>
    </authentication>

    and

    <sessionState mode="InProc" timeout="2" cookieless="false">
    </sessionState>

    Note that I set both timeout values to only 2 minutes. In IIS config,
    I set the session timeout to 2 minutes also.

    I run this application, and login, let it idle for more than 2
    minutes. I thought I am out, but when I click on something, I can
    still get redirected to other pages of this application. I thought
    that I should be redirected to the Login page. Shouldn't I?

    I feel like I have no control over the session timeout at all. What's
    going on? Any hint is highly appreciated.
     
    gnewsgroup, Apr 21, 2008
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.