Tuesday, August 12, 2008

Session Expiration Problem

I was working on extending the session expiration of a webpage. My requirement was very simple - "Just want to keep the page without session expiring for 2 hours"... Yeah, it's simple - that's the initial thought many programmers would get! I initially thought that just changing the <sessionState> of web.config like below would do the job.

<sessionState timeout="120">

but this didn't solve the problem for me... When I clicked a link in the webpage (that was open for more that 20 minutes) , I was re-directed to the login page. So I had to configure the <authentication> as well.

<authentication mode="Forms">
<forms timeout="120">


Thereafter I changed "Shutdown Worker Processors after being idle for" and "Recycle Worker Process" settings in IIS Application pool.
(In IIS 6, these settings are available at Application Pools => Used application pool => Properties => in Performance tab and in recycling tab)

These IIS changes ensures that the worker processor would not be closed after a given period of time (the default is 20 mins). For instance, we might have a website where the session expiration time is 2 hours, and also authentication expiration time is 2 hours. If we don't change the IIS "Shutdown Worker Processors after being idle for" setting and leave it as the default value "20 minutes", there would be a situation where IIS close the Worker Processor in 20 mins!

So, all these settings need to be configured, to properly set the session expiration time to a large value.

No comments: