Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Forms timeout, Session timeout

0 views
Skip to first unread message

gnewsgroup

unread,
Apr 21, 2008, 3:17:29 PM4/21/08
to
I think I understand the difference between forms authentication
timeout and the sessionstate timeout. That said, they are giving me
headache.

I have a simple test application using Forms authentication.

In my web.config I have:

<authentication mode="Forms">
<forms loginUrl="Default.aspx" protection="All" timeout="2"
name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true"
defaultUrl="Default2.aspx" cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"/>
</authentication>

and

<sessionState mode="InProc" timeout="2" cookieless="false">
</sessionState>

Note that I set both timeout values to only 2 minutes. In IIS config,
I set the session timeout to 2 minutes also.

I run this application, and login, let it idle for more than 2
minutes. I thought I am out, but when I click on something, I can
still get redirected to other pages of this application. I thought
that I should be redirected to the Login page. Shouldn't I?

I feel like I have no control over the session timeout at all. What's
going on? Any hint is highly appreciated.

0 new messages