问题
In my ASP.NET MVC5 website the login and session timeout in web.config are as follows:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" slidingExpiration="true" timeout="60"/>
</authentication>
<sessionState mode="InProc" timeout="60"/>
</system.web>
Still the session or authentication times our in five minutes. I have approached my web hosting provide to increase the timeout in IIS and they shared a screenshot after increasing the timeout in IIS, but nothing changed. Any idea why this is happening.
回答1:
First of all, try setting session timeout on Session_Start method inside Global.asax:
void Session_Start(object sender, EventArgs e)
{
Session.Timeout = 60;
}
Note: By using in-process session state, your sessions will wiped out every IIS application pool recycles, which in your issue app pool recycled after 5 minutes.
If above attempt doesn't work and you have access to server's IIS management, do these steps:
- Open IIS Manager.
- Select Application Pools => [your app pool name] => Recycling/Advanced Settings.
- Enable
Regular time interval (minutes)and set it to 60, then apply your changes.
If you don't have access on both IIS Manager & SQL Server configurations, you might want to try DB-based session state management instead of InProc mode (see MSDN reference below).
DB-based session state requires changing mode attribute to SQLServer, e.g.:
<system.web>
<sessionState mode="SQLServer" sqlConnectionString="Integrated Security=SSPI;Data Source=SERVERNAME;Initial Catalog=DATABASE" />
</system.web>
Reference:
MSDN: https://msdn.microsoft.com/en-us/library/ms178586.aspx
Session expires too quickly in asp.net mvc4 application
回答2:
It was an issue with the SystemIdleTime variable in the IIS. I requested my hosting provider to increase this value to 30 minutes and it worked.
It indicates that all my session variables would erase as the application pool shuts down when there is no request for 30 minutes. This value would override the session's timeout set in the website's web.cofig. You could set it to 0 to indicate that the application pool will never shut down and then you could sontrol the session's timeout through web.config. I also found this good article –
来源:https://stackoverflow.com/questions/39866953/asp-net-mvc-auth-or-session-expires-quicker-than-set