ASP.NET Why are sessions timing out, sessionstate timeout set

Question

Hey I have the following line in my web.config

Which I thought would keep sessions int

Answer 1

If the user closes their browser or clears cookies, or if the AppDomain on the server is recycled, the session state will be lost.

Have you checked logs to see if the app is recycling?

Answer 2

Be sure to check your IIS configuration because the application pool that your site is hosted on also has its own timeout value which will override your own .config.

To increase it,

1. Open IIS
2. Select Application Pools on the left side
3. Select the Application Pool used by your site
4. Choose advanced settings
5. Under Process Model categtory increase the 'Idle Time-out' value to the desired length.

Hope this helps.

(If you do not have a dedicated server / access to IIS with your hosting provider you will have to contact them to see if they can increase it for you)

Answer 3

Are you using Forms Authentication? It has its own timeout setting that when expires will redirect the user to your login page even if their session is still valid.

Answer 4

AppDomain recycles are a very common problem for this if the sessionState is InProc. It is very much advised to use a StateServer or SQLServer for production systems instead. See Session-State Modes for documentation on how to use each, and the pros and cons of the three different types.

Personally, we use SQL Server if we must for web server farms--slower but can be shared. We use State Server if the site will only be hosted on a single web server--state survives AppDomain restarts, but not entire server restarts.

Also, in the past we have used an AJAX post in the background while the user is watching long running videos or performing long client-side tasks, so that the session timeout gets reset every few minutes. Nothing special about this code--just have a little JavaScript hit every few minutes some ASPX page that returns nothing.