session is kept track of, for its time out?

but session variables are stored at the server

so how does the server keep reocrd of whose开发者_StackOverflow中文版 session has timed out.

is any cookie used at the client side?

Yes, cookies are typically used on the client side (but you can also use cookieless sessions, which will encode the Session ID in the urls)

The cookie itself however, has nothing to do with the timeout. The server simply times out the Session when it has not received any request from the client with a particular session for a specified time (the Session timeout).

A cookie is stored on the client with some kind of session id. This tells the server which session it's using. The time out of the session happens on the server. After the timeout if the client sends that same cookie the server says the session is invalid.

The session time out can be set in your web.config or in IIS, it is set to 20 minutes by default, and will expire if it has been inactive for this amount of time. Cookies have a timeout that is explicitly set and created by the developer, when the date/time is reached it will automatically expire.

You can do two things...

1. Use timeout in web.config, can also use timespan--20 minutes is default, also The timeout attribute cannot be set to a value that is greater than 525,601 minutes (1 year) for the in-process and state-server modes.

1. For ASP.net 2.0 Open the IIS management snapin, click Application Pools and select the Application pool for your particular application.

Right Click on that application pool and select Properties.

In the Performance tab, Set the idle timeout for your desired minutes for "shutdown worker processes after being idle for ..... minutes".

Nick