I am using a security provider and it is logging out the user after 5 minutes. It is Classic ASP and I have confirmed that Session Time-out is set to 60 minutes. I have searched everything I am aware of. Not sure if it is the security provider but don’t know where else to look. Anyone have an idea or direction I can look at.
Think I may have found the issue in an application pool setting. I will update this once I confirm in case anyone else has the issue.
1 Like
Hi @ken,
Did you find a way to resolve the timing out issue? My Server Model is ASP.NET and I’ve come across the same issue, especially on mobile devices where a session stops responding (logs out) after a few seconds (I think the session timeout is set to 60 seconds or less by default in Chrome on mobile devices). The Session time-out is set to 20 minutes in IIS.
Although checking the Remember Me option on login screen works well both on desktop and mobile devices, all users may not tick this option, resulting in timing out of their sessions after a few seconds. So, even this option is not an ideal solution.
By default sessions are stored in memory and when the application pool is being recycled you loose all sessions. If possible you should set the recycle to a time that there are almost no users on the server and just once a day is enough.
An other option is to look if you can store the sessions somewhere else. https://docs.microsoft.com/en-us/previous-versions/aspnet/ms178586(v=vs.100)
1 Like
@patrick That’s a very helpful post, thanks for sharing it.!
Hi @patrick,
Thanks for the information regarding sessions and the link!
In my case, even though the Session Time-out was set at 20 minutes and Recycling time was set at a Regular Interval of 1740 minutes (default), I couldn’t get the InProc Sessions working. The reason is that I’m using more than 1 worker process (Web Garden scenario) and InProc session mode doesn’t work for this setup.
To get the sessions working in a Web Garden scenario, I had to look at the options of setting up session modes other than InProc mode. After going through the documentation; it seems beyond my level of expertise at this stage.
So, I have implemented the cookie method like this for the user to staying logged in:
- Set value of
Security Provider->Cookie Option->Expires= 1 (day) - Set default value of
Remember Meoption on the login page tochecked - Added
dmx-hideoption on theRemember Meform fieldWhen = input_checkbox.checked - Added
Action Scheduleron the logged in page / pages withdelay = 60 minutesto logout the user after 60 minutes of inactivity (mouse: click and mouse: move)
I have tested this setup and this is working correctly on both desktop and mobile.
Will this be a workable solution in every other situation such as Shopping Carts? I would certainly be interested in getting your opinion on this setup in place of sessions 