Forms timeout, Session timeout



I think I understand the difference between forms authentication
timeout and the sessionstate timeout. That said, they are giving me

I have a simple test application using Forms authentication.

In my web.config I have:

<authentication mode="Forms">
<forms loginUrl="Default.aspx" protection="All" timeout="2"
name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true"
defaultUrl="Default2.aspx" cookieless="UseDeviceProfile"


<sessionState mode="InProc" timeout="2" cookieless="false">

Note that I set both timeout values to only 2 minutes. In IIS config,
I set the session timeout to 2 minutes also.

I run this application, and login, let it idle for more than 2
minutes. I thought I am out, but when I click on something, I can
still get redirected to other pages of this application. I thought
that I should be redirected to the Login page. Shouldn't I?

I feel like I have no control over the session timeout at all. What's
going on? Any hint is highly appreciated.


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question