sql sessionState time out vs forms authentication timeout

I would like to display the "Your session has expired" on logon page if session has been idle for given 5 minutes.

What should the time out value be for Sql Session State and Form Authentication Time Out:

1. same?
2. session state> form timeout
3. Form time out > session time.

ideally, if someone could explain the diff between above will be 开发者_Go百科appreciated.

Currently, my code looks like below and Session["SessionID"] is not Null even after Login redirection for idle of 5 minute:

On Session_Start()
 Session["SessionID"] = Guid.NewGuid();

On LogOn.cshtml:

 @{
        string sessionExpiredMsg = string.Empty;

        HttpContext ctx = HttpContext.Current;
        if (ctx.Session["SessionID"] == null)
        {
            sessionExpiredMsg = "Your session has expired. Please re-login again.";
        }
    }
@

On web.config:

<sessionState
timeout=5....

<authentication mode="forms"
 timeout=5....

Thank you.

• Session state timeout means that your asp.net session will expire in x minutes. It doesn't mean that your're not authenticated anymore.
• Forms timeout means that after x minutes, you'll be prompted to log in again(not authenticated anymore).

It's not a problem if your sessionstate timeout lasts longer that your forms timeout because once you'll log in again you will retrieve the last one if not expired.