{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 淡お忘 的问题《ASP.NET Session Timeout Testing》','https://www.manongdao.com/q-264491.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm a doing some blackbox testing of a ASP.Net website and I need to test different session timeout scenarios.
I'm not sure they fully encapsulated session timeouts. Other then leaving a page open for 20 minutes is there an easier way to force a session timeout?
You can change the timeout in your webconfig
Recycle the app pool on the server.
Bounce the AppPool and session will be lost.
if you don't have direct IIS access, you can open and save Web.Config to do the same thing (Don't use notepad, it screws up the encoding).
Make a shorter timeout.
The easiest way would be to open the page in two different tab and logout at other tab would automatically expire session in first tab. Most of the browsers share session across the tab. So i find it very easy without modifying anything in web.config. This way you could test even if a particular feature is not handling redirect to login when session expires.
If you are storing your session information in a cookie, you could try deleting your cookies.