How to Increase or Decrease Session Timeout in Your ASP.NET Application
Written by Rodolfo Hernandez Monday, 5 November 2012
In this article, I will give you a step by step guide on how to set, increase or decrease session timeout for your ASP Application.
1. To set the session timeout for your application we will use the timeout attribute. The timeout attribute indicates the time (minutes) that the user will stay logged in into your application. To set the time, we will edit the web.config file your application.
2. Open web.config and look for this tag:
3. Now, we are going to add the timeout parameter. We will set it for 600 minutes:
4. In the image above, the user will stay logged in for 600 minutes until he decides to sign out. If you need to either decrease or increase, you just need to change the time (600) you don’t have to declare the tag again.
By default, ASP.NET stores the authentication token, using a cookie. If you have previously logged in, ASP.NET will read this cookie and check if the session is still active .
We strongly recommend setting the session timeout to a short time for greater control and security of your ASP application.