In ASP., you can set the expiration time of the session around: (Original author: Moon Wolf Address: http://www.cnblogs.com/wangyuelang0526/)
One, global Web site (that is, server) level
iis-Web Site-Properties-asp.net-Edit configuration-state Management-session timeout (minutes)-set to 120, which is 2 hours, or 120 minutes after the session expires automatically if the current user does not operate.
Second, the site-level
iis-Website-specific sites (such as demosite)-attribute-asp.net, there are two options, one is "edit global Configuration" and one is "edit configuration".
If you edit global configuration, it is the same as the previous configuration.
If edit configuration, it is only valid for the current site. Because a server may have many independent sites.
1. Continue to select "State Management"-session timeout (minutes)-set to 360, or 360 minutes. The effect is the same, but only for the current site.
2, identity authentication-forms-cooke timeout, select "12:00:00", that is, 12 hours. There are eight options available:
00:15:00
00:30:00
01:00:00
02:00:00
04:00:00
08:00:00
12:00:00
1:00:00:00
That is, the maximum 24 hours, the minimum 15 minutes. This is the default configuration. Can be freely customized in the application.
Third, application-level
With Web site management, except that scopes are limited to current applications.
Four, page level
On a page, set session.timeout = 30 to temporarily modify the session Expiration time for a page.
To view the expiration time of a session, you can use
View Plaincopy to Clipboardprint? TimeSpan sesstimeout = new TimeSpan (0, 0, System.Web.HttpContext.Current.Session.Timeout, 0, 0); TimeSpan sesstimeout = new TimeSpan (0, 0, System.Web.HttpContext.Current.Session.Timeout, 0, 0);
The settings for two and three, which are shown in Web. config, are:
<?xml version="1.0"?> <configuration> <system.web> <authentication mode="Forms"> <forms name="Authlogin"Loginurl="/login.aspx"Protection="All"Timeout="360"Slidingexpiration="True"/> </authentication> <sessionstate mode="InProc"Cookieless="False"Timeout="20"/> </system.web> <location path="Login.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> </configuration> <?xml version="1.0"? ><configuration><system.web><authentication mode="Forms"><forms name="Authlogin"Loginurl="/login.aspx"Protection="All"Timeout="360"Slidingexpiration= "true"/></ Authentication><sessionstate mode= "inproc< Span style= "color: #800000;" > "Cookieless=" false "20"/> </system.web><location path= "login.aspx< Span style= "color: #800000;" > "><system.web><authorization><allow Users=" * "/></authorization></system.web></location></ configuration>
The above settings are prioritized at page level > application level > Site level > Server level. In other words, if the page is set to 20 minutes and the site is set to 120 minutes, then it obviously takes 20 minutes for the expiration time to take effect.
Another notable area.
At set two, set the session timeout (sessionstate) for 120 minutes, while using forms authentication, set to "00:15:00", which is 15 minutes, and Slidingexpirationo to False, What is the expiration time of the session that actually takes effect?
The valid result is the sessionstate setting, which is 120 minutes.
If you have set the session expiration time not in effect, please check the above configuration.
ASP. Net. config set session expiration time