Session Timeout

**Scott Roberts** · Feb 20 '08, 10:15 PM

Re: Session Timeout

<trullock@googl email.comwrote in message
news:fb56222a-8ba9-4339-a94b-baa4c44b5c1a@e2 5g2000prg.googl egroups.com...

Hi,
>
I want to test some session timeout code ive written but im getting a
few problems.
>
I want to reduce the session timeout to 1min so i dont have to wait
around for 20 min to see if my code is working. Quite simply, how do i
do this?
>
I want the session to behave exactly as it does normally (is that
InProc mode?)
>
After reading a lot, i think i need something like the below. When i
stick this in the webconfig:
>
<sessionState mode="InProc"
stateConnection String="tcpip=1 27.0.0.1:42424" cookieless="fal se"
timeout="1"/>
>
I get a new session on every request. If i set cookieless to true then
it works as i'd expect, but my code is checking for the cookie so
thats no good to me.
>
If i use mode = sessionstate then i still get a new session on every
request.
Starting the asp.net session state service makes no difference :(
>
Am I missing something?
>
Thanks
>
Andrew

Are you actually putting anything into the session? I don't think IIS keeps
the session *at all* if it's not used (there might be a setting for that).
Just put something, anything, in there to make IIS keep the session alive.

Also, are you sure the timeout value is specified in minutes? I don't recall
off the top of my head.

**=?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=** · Feb 21 '08, 03:05 AM

Re: Session Timeout

It's not "IIS" - its ASP.NET that handles the ASP.NET Session. And yes, if
you do not actually create a Session Item, then there is no real "Session" to
speak of.
-- Peter
Site: http://www.eggheadcafe.com
UnBlog: htp://petesbloggerama .blogspot.com
Short Urls & more: http://ittyurl.net

"Scott Roberts" wrote:

>
<trullock@googl email.comwrote in message
news:fb56222a-8ba9-4339-a94b-baa4c44b5c1a@e2 5g2000prg.googl egroups.com...

Hi,

I want to test some session timeout code ive written but im getting a
few problems.

I want to reduce the session timeout to 1min so i dont have to wait
around for 20 min to see if my code is working. Quite simply, how do i
do this?

I want the session to behave exactly as it does normally (is that
InProc mode?)

After reading a lot, i think i need something like the below. When i
stick this in the webconfig:

<sessionState mode="InProc"
stateConnection String="tcpip=1 27.0.0.1:42424" cookieless="fal se"
timeout="1"/>

I get a new session on every request. If i set cookieless to true then
it works as i'd expect, but my code is checking for the cookie so
thats no good to me.

If i use mode = sessionstate then i still get a new session on every
request.
Starting the asp.net session state service makes no difference :(

Am I missing something?

Thanks

Andrew

>
Are you actually putting anything into the session? I don't think IIS keeps
the session *at all* if it's not used (there might be a setting for that).
Just put something, anything, in there to make IIS keep the session alive.
>
Also, are you sure the timeout value is specified in minutes? I don't recall
off the top of my head.
>
>

**adda** · Feb 21 '08, 12:45 PM

Re: Session Timeout

Hey Andrew,

You can declare a timeout value within the Session_Start
global.asax event, i.e. Session.Timeout = [ValueInMinutes] or
alternatively set the timeout property in the session state web.config
parameter.

Session management is managed through the processing of a Session cookie
on your machine, and on every postback to the server, and the browser
will embed the cookie information. ASP.NET will process that cookie
information, matching the ASP_SessionID key, which is embedded, against
the key that resides either in the InProc(ess), StateServer, or SQL
state server. If the key matches up, and it hasn't expired, i.e. Session
timeout, then the session continues. Alternatively, if cookies are
disabled, and the session management is cookieless, the ASP_SessionID is
placed in POST back URL to your server, in the <FORM tag.

However, if the cookie isn't being sent (Browsers can have cookies
disabled), then ASP.NET will continuously recreate a new session. I've
read somewhere that Anti-Virus programs that touch the web.config also
cause the invalidation of session data. However I cant see how that
would happen personally, might be a cache dependancy set somewhere.
Perhaps somebody that knows could explain this?

Can I make a suggestion, to understand more about session, get a copy of
WireShark off the web, it's a packet sniffer allowing you to trap
packets of information following between your browser and the server.
It'll show you in the HTTP POST or GET packets whether there is a
reference to the ASP.NET cookie or not. Rather invaluable in
understanding, and debugging difficult AJAX calls etc.

I'm not sure if I've helped or not.

Cheers
Chris

trullock@google mail.com wrote:

Hi,
>
I want to test some session timeout code ive written but im getting a
few problems.
>
I want to reduce the session timeout to 1min so i dont have to wait
around for 20 min to see if my code is working. Quite simply, how do i
do this?
>
I want the session to behave exactly as it does normally (is that
InProc mode?)
>
After reading a lot, i think i need something like the below. When i
stick this in the webconfig:
>
<sessionState mode="InProc"
stateConnection String="tcpip=1 27.0.0.1:42424" cookieless="fal se"
timeout="1"/>
>
I get a new session on every request. If i set cookieless to true then
it works as i'd expect, but my code is checking for the cookie so
thats no good to me.
>
If i use mode = sessionstate then i still get a new session on every
request.
Starting the asp.net session state service makes no difference :(
>
Am I missing something?
>
Thanks
>
Andrew

Session Timeout

Session Timeout

Comment

Comment

Comment