More in Blog
Strange asp.net session timeout issue
In asp.net the inproc session is generated from a worker process which is automatically recycled after 20 minutes. The problem with this is that if you have a session set to more than 20 minutes, the worker process will kill the session and when using forms authentication causes some interesting issues (from exceptions to security flaws exposed).
I spotted this blog entry
Cookie Timeout Problem - usingtangent was suffering the same problem and highlighted the issue for me.
Due to running various websites on our web server, I cannot fiddle with the recycle time of the process, so have set my forms and sessions time-out to 20 minutes.
Also given me an idea of how to secure my code more, I will be implementing my own session expiration code that will force the forms authentication to log the user out, essentially tying the forms and session time outs together.
I spotted this blog entry
Cookie Timeout Problem - usingtangent was suffering the same problem and highlighted the issue for me.
Due to running various websites on our web server, I cannot fiddle with the recycle time of the process, so have set my forms and sessions time-out to 20 minutes.
Also given me an idea of how to secure my code more, I will be implementing my own session expiration code that will force the forms authentication to log the user out, essentially tying the forms and session time outs together.
Links
 | Keeping the tangents documented: Cookie Timeout Problem - (54 clicks) Edited by NickR on Mar. 21 2007 |
- Information channels
- Recent files