Setting User Session Timeouts

When setting the site timeouts there are 2 pieces that need to be taken into consideration.

Session State Timeout

1. Web.config (C:\inetpub\wwwroot\chameleon)

   1. <configuration>

      1. <system.web>

         1. <sessionState timeout=480 /> 
            (this number represents minutes - so this example is 8 hours)
            The default value is 20 minutes.

Application Pool Timeout

The settings for the application pool can be found by clicking Properties (IIS 6) or Advanced Settings (IIS 7.5) on the application pool that the application is assigned to.
Ensure this value is set to the timeout of your session, at a minimum, to ensure that all sessions persist for the entire session timeout period.

1. The reason that these two values are dependent on one another is because the session information is actually stored within the worker process of the application pool when session storage mode is InProc (in process). That is to say, if the worker process is shutdown or killed for any reason, the session information will be lost.

Application Pool Recycling

Lost session variables that trigger a user to be forced to login again can be caused by automatic application recycling.

The default for the recycling settings is to recycle every 29 hours (1740 minutes in the default setting).

We have changed this setting to occur overnight at 3:30 am instead. (example SportsNet)

Open