windows authentication session timeout

Question

I have this code in my web.config:

Answer 1

Make sure the idle timeout isn't set on the app pool in IIS. The default for that setting is 20 minutes (which leads to confusion over whether the timeout was triggered by session timeout or idle timeout) and in most cases can be safely set to 0, which turns it off.

To check the idle timeout in IIS, go to Advanced Settings for the app pool.

The idle timeout is a sliding window based on activity for the app, so requests from any client will reset the window. If your app is lightly used, you'll hit the timeout frequently, causing your app pool to recycle. The impact to users is that any sessions that had been active will be lost, and users walking up to your app after it has been idle will have to wait for it to run all of its start up processes.

Answer 2

Windows Authentication Timeout:

If the users are logging onto a windows environment and it is controlled by active directory (domain) there is the chance that there is a domain policy in place to log the user out of the "windows session" after so many minutes of inactivity, this would be done for security reasons. I think your next step would be to talk with whoever is in charge with the windows network and pass it off to them.