Forms Authentication timing out when it shouldn

2019-03-16 17:06发布

I have a problem with an ASP.NET application that is driving me nuts.

When a user leaves a page inactive for a period of time the session was timing out and error were being thrown due to session variables not being resolvable (I will error trap this anyway but this is not the problem). I coded a 'defribulator' which will perform an invisible postback after half of the session timeout has expired and this seemed to work fine - leaving the application for 30 mins did not cause an error even though the session timeout was set for 20 mins. However, this morning one of the other Devs experienced a timeout - How is this possible?

On further investigation I think that the problem occurs when the Forms Authentication timeout is exceeded - even though the defribulator has been (apparently) keeping the session alive. I have read that the Authentication ticket will only be reissued if a postback occurs after half of the specified timeout period has elepsed and this can't the issue as the defrib will have issued requests during the second half of the timeout period - so why was it not reissued?

I suppose I could get around the problem by setting the authentication timeout to 8 hours or so but that is a poor fix.

Can anyone shed any light on this?

Thanks in advance

[Edit 24/11/2008] Reviewing the Log Files has proved enlightening and confusing. I can see the defribulator firing after 10 minutes of inactivity but while the Session_Id appears to be consitent throughout, the forms authentications ticket ID changes - not sure if it is supposed to or not. I'm formulating a test plan now and will post back when i have completed them. Thanks to everyone who have provided feedback so far.

[Edit 24/11/2008] Well I'm stumped - everthing seems to be working fine at the moment! The Authentication ticket is being regenerated when the defrib runs (the ID changes) and the session is being maintained. Was it a server issue - can't tell. I have experienced this problem before and never got to the bottom of it and it is very frustrating - surely it should not be this difficult. I'm going to have to let this drop for the timebeing as I have to get on with some other aspects of the application. I'll just have to code around this issue - which may never occur on the customer site.

Thanks again for everyones input - if I make any progress I will post it back here.

4条回答
再贱就再见
2楼-- · 2019-03-16 17:24

Thanks for the response guys: I have already explicitly set slidingExpiration to true in the web.config with no effect.

The timeout values are: Session: 20 minutes FormsAuthentication: 60 minutes

I have left the session timeout as is and reduced the FormsAuthentication to 12 minutes for testing. The defrib 'pings' every 10 minutes. If I leave the page inactive for 14 minutes and then click a button I get the problem #edit: but not everytime it seems!#.

查看更多
该账号已被封号
3楼-- · 2019-03-16 17:28

This may also happen when iis recycles or terminates the application pool.

You may want to check Troubleshoot Forms Authentication It could be that the client lost their cookie.

If you manually generate the authentication ticket, you need to set the timeout in code and not the web.config

查看更多
贪生不怕死
4楼-- · 2019-03-16 17:29

Have you checked against an application pool or worker process recycling causing the problem?

查看更多
The star\"
5楼-- · 2019-03-16 17:33

Don't mean to state the obvious, but:

  1. Are the Session and FormsAuthentication timeouts set to the same value?
  2. Is slidingExpiration set to true?
查看更多
登录 后发表回答