In ASP.Net the default Session Timeout is set to 20 minutes. Why so? Is there any specific reason behind it?
It should not be set higher than 20 minutes (except in special cases) because every open session is holding onto memory.
From Session.Timeout on MSDN site
Note they also give an explanation for the minimum
It should also not be set lower than 4 minutes because clients rarely respond within that time resulting in a loss of session state.
Hope this helps...
Well: 10 minutes is too fast. 30 minutes is too long. 15, 25 minutes - number is not pretty. So, they decided on 20 :P
There is no magical meaning in number 20. It is just decided to be an optimal and prettiest value for session timeouts.
If you have fewer users, or if you save the session state to a DB, a larger timeout won't consume too many resources.
来源:https://stackoverflow.com/questions/412462/asp-net-session-timeout-why-20-minutes-used-as-default