How to Increase or Decrease Session Timeout in Your ASP.NET Application

In this article, I will give you a step by step guide on how to set, increase or decrease session timeout for your ASP Application.

1. To set the session timeout for your application we will use the timeout attribute. The timeout attribute indicates the time (minutes) that the user will stay logged in into your application. To set the time, we will edit the web.config file your application.

2. Open web.config and look for this tag:

<authentication mode=”Forms”>

3. Now, we are going to add the timeout parameter. We will set it for 600 minutes:

4. In the image above, the user will stay logged in for 600 minutes until he decides to sign out. If you need to either decrease or increase, you just need to change the time (600) you don’t have to declare the tag again.

By default, ASP.NET stores the authentication token, using a cookie. If you have previously logged in, ASP.NET will read this cookie and check if the session is still active .

We strongly recommend setting the session timeout to a short time for greater control and security of your ASP application.

Looking for quality Asp Hosting? Look no further than Arvixe Web Hosting!

Happy Hosting!

Rodolfo Hernandez

Tags: , , , , , , , , , , | Posted under ASP .NET 3.5, DotNet/Windows Hosting | RSS 2.0

Author Spotlight

Rodolfo Hernandez

I like photography and reading books. Currently working for Arvixe as Elgg Community Liaison. Elgg Security Expert Web Security Expert CEO of UDP SW Social Web

2 Comments on How to Increase or Decrease Session Timeout in Your ASP.NET Application

  1. Hamme Tech says:

    One thing to keep in mind is that there is an Idle timeout setting associated with the Application Pool. If you have a limited activity website and want your users to have a 600 minute session timeout (per the example), you may need to increase the idle timeout in the application pool (default of 20 minutes) or you can create a scheduled task to hit your site every X number of minutes to keep the application pool alive.

Leave a Reply

Your email address will not be published. Required fields are marked *