Set Session expiration in asp.net)

In Asp.net applications, many people encounter conflicting Session expiration settings. Here, you can set the expiration time of the Session in four ways:

1. Global websites (servers)

IIS-website-properties-Asp.net-edit configuration-state management-Session Timeout (minutes)-set to 120, that is, 2 hours, that is, if no operation is performed by the current user after 120 minutes, the Session will automatically expire.

2. website-level

IIS-website-specific website (such as DemoSite)-attribute -Asp.net, there are two options: "Edit global configuration" and "Edit configuration ".

If you click "Edit global configuration", it is the same as the previous configuration.

If you select "Edit configuration", it only takes effect for the current website. Because a server may have many independent websites.

1. Choose "status management"> "Session Timeout (minutes)"> "360", that is, 360 minutes. The effect is the same as that of the current website.

2. Authentication-Forms-coke times out. Select "12:00:00", that is, 12 hours. There are eight optional items:

00:15:00

00:30:00

01:00:00

02:00:00

04:00:00

08:00:00

12:00:00

1: 00: 00: 00

That is, the maximum is 24 hours, and the minimum is 15 minutes. This is the default configuration. You can customize your applications.

3. Application-level

Same as website management, but the scope is limited to the current application.

4. Page-level

On a page, set Session. Timeout = 30; to temporarily modify the Session expiration time of a page.

View the expiration time of a Session. You can use

TimeSpan SessTimeOut = new TimeSpan(0, 0, System.Web.HttpContext.Current.Session.Timeout, 0, 0);

The second and third settings are reflected in Web. config:

Set Session in Web. config

<?xml version="1.0"?><configuration>    <system.web>        <authentication mode="Forms" >            <forms name="AuthLogin" loginUrl="/Login.aspx" protection="All" timeout="360"  slidingExpiration="true"/>        </authentication>        <sessionState  mode="InProc"      cookieless="false"       timeout="20"    />    </system.web>    <location path="Login.aspx">        <system.web>            <authorization>                <allow users="*" />            </authorization>        </system.web>    </location></configuration>

The priority set above is page-level> application-level> website-level> server-level. In other words, if the page is set to 20 minutes and the website is set to 120 minutes, then the expiration time is obviously 20 minutes.

AnotherIt is worth noting that.

In step 2, set the Session Timeout (SessionState) to 120 minutes, and use forms authentication at the same time, set it to "00:15:00", that is, 15 minutes, And slidingExpirationo is false, what is the expiration time of the Session that actually takes effect?

The valid result is the SessionState setting, that is, 120 minutes.

If the Session expiration time has not been set to take effect, check the above configurations.

Invitation month Note: The copyright of this article is jointly owned by the invitation month and the blog Park. For details, please indicate the source.
Helping others is the same as self-help! 3w@live.cn