ASP.NET mvc auth or session expires quicker than set

Question

In my ASP.NET MVC5 website the login and session timeout in web.config are as follows:

Answer 1

First of all, try setting session timeout on Session_Start method inside Global.asax:

void Session_Start(object sender, EventArgs e)
{
    Session.Timeout = 60;
}

Note: By using in-process session state, your sessions will wiped out every IIS application pool recycles, which in your issue app pool recycled after 5 minutes.

If above attempt doesn't work and you have access to server's IIS management, do these steps:

1. Open IIS Manager.
2. Select Application Pools => [your app pool name] => Recycling/Advanced Settings.
3. Enable Regular time interval (minutes) and set it to 60, then apply your changes.

If you don't have access on both IIS Manager & SQL Server configurations, you might want to try DB-based session state management instead of InProc mode (see MSDN reference below).

DB-based session state requires changing mode attribute to SQLServer, e.g.:

<system.web>
    <sessionState mode="SQLServer" sqlConnectionString="Integrated Security=SSPI;Data Source=SERVERNAME;Initial Catalog=DATABASE" />
</system.web>

Reference:

MSDN: https://msdn.microsoft.com/en-us/library/ms178586.aspx

Session expires too quickly in asp.net mvc4 application

Answer 2

It was an issue with the SystemIdleTime variable in the IIS. I requested my hosting provider to increase this value to 30 minutes and it worked.

It indicates that all my session variables would erase as the application pool shuts down when there is no request for 30 minutes. This value would override the session's timeout set in the website's web.cofig. You could set it to 0 to indicate that the application pool will never shut down and then you could sontrol the session's timeout through web.config. I also found this good article –