asp.net 2.0 session timeout

I apologize in advance for this likely being asked before. I have an asp.net 2.0 web application and am trying to set the session timeout.

My first attempt was to add this to the web.config. < sessionState mode="InProc" timeout="300" >

Users would tell me though that after about 20 minu开发者_Go百科tes of being idle and then trying to do something again on the site they'd be redirected back to the login page.

So now I'm trying timeout="60" in my < forms tag in the web.config.

I also tried Session.Timeout=60 in my global.asax.

Should these work? Do I need something else? Thank you for your time and help.

From another forum post.

There are two different types of timeout. One is an authentication timeout (which redirects you to a login page) and the other is a session timeout (which drops all session vars). I set the session timeout in global.asax session_start by using session.timeout. IN your webconfig, you can set the authentication timeout by editing this tag:

<authentication mode="Forms"> 
    <forms timeout="1024"/> 
</authentication>

Session timeout and the authentication timeout are two separate things.

Any user that comes to your site gets a session, regardless of whether or not they've logged in. After they have been inactive for the specified timeout, their session is gone and they get assigned a new session the next time they hit your site.

Forms Authentication uses an authentication ticket in a cookie that also has a timeout. If the authentication timeout is shorter than the session timeout, the authentication ticket will expire and the users will still be logged out - but they'll still have their session data!

You need to look for the authentication timeout in your web.config and adjust it to match the session timeout.