How do I make user authentication timeout last longer

Donald Symmons 3,066 Reputation points
2023-04-12T07:57:14.8866667+00:00

Hello forum,

Please, there is something I need to understand regarding the authentication timeout in the Web Config. I am using Session with authentication. Each time I log in on my local machine, I get logged out within a short duration. At first, the timeout was “60”; I then increased it to “120”, and the duration lasted longer than with “60”. I thought having a timeout of “120” meant it's 120 minutes? I just want to get to know how to make the user stay longer, if it's other than this.

Thanks

Web Config:

<system.web>
    <sessionState timeout="120">
    </sessionState>
    <authentication mode="Forms">
      <forms name="login" timeout="120" cookieless="UseCookies" loginUrl="Login.aspx" defaultUrl="Dashboard.aspx" slidingExpiration="true" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
    <compilation debug="true" targetFramework="4.7.2" />
    <httpRuntime targetFramework="4.7.2" maxRequestLength="3145728" />
    <customErrors mode="Off" />
    <pages enableEventValidation="false">
      <controls>
        <add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" />
      </controls>
    </pages>
  </system.web>


Accepted answer
  1. Tristan Hill 75 Reputation points
    2023-04-12T10:46:38.37+00:00

    If you want to extend the user authentication timeout duration, there are a few ways to achieve this depending on your specific scenario. Here are some potential options:

    1. Modify the session timeout value in your web.config file: If you're using ASP.NET, you can modify the sessionState timeout value in your web.config file to increase the duration of user authentication. For example, you can set it to 60 minutes instead of the default 20 minutes like this:

    <configuration>
      <system.web>
        <sessionState timeout="60"></sessionState>
      </system.web>
    </configuration>

    2. Keep the session alive with JavaScript: You can also use JavaScript to keep the user's session alive by periodically sending requests to the server to keep the session alive. You can use the setInterval function to send an AJAX request every few minutes, for example:

    // Requires jQuery; sends one request per minute (60000 ms).
    setInterval(function () {
      $.get('/keepalive');
    }, 60000);

    This will call a "keepalive" endpoint on your server every minute to prevent the session from timing out.

    3. Increase the session timeout in the server-side code: If you're using a server-side framework like Node.js or Ruby on Rails, you can increase the session timeout in your code. For example, in Express.js, you can set the session timeout like this:

    const express = require('express');
    const session = require('express-session');

    const app = express();
    app.use(session({
      secret: 'your-secret-key',
      resave: false,
      saveUninitialized: false,
      cookie: { maxAge: 3600000 } // 1 hour, in milliseconds
    }));

    Keep in mind that extending the session timeout also increases the risk of security vulnerabilities. Attackers may gain access to a user's account if they can hijack a session that is still active. So it's important to balance the need for longer session timeouts with the need for security.
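
An added example, not part of the answer above or of any project's code: a variant of the keep-alive timer that pings only while the user has been active recently and stops after an absolute cap, so an unattended browser still reaches the server-side timeout. The function names, the idle limit and the lifetime cap are assumptions; `/keepalive` is the endpoint named in the answer.

```javascript
// Activity-gated keep-alive (added example; names and limits are assumptions).
// A ping never counts as activity, so a forgotten tab cannot hold a session open.
function createKeepAlive({ ping, now = Date.now, idleLimitMs, maxLifetimeMs }) {
  const startedAt = now();
  let lastActivity = startedAt;
  let stopped = false;

  return {
    // Call from real user input handlers only (click, keydown, scroll).
    noteActivity() {
      if (!stopped) lastActivity = now();
    },
    // Call on a timer. Returns the decision: 'pinged', 'idle' or 'stopped'.
    tick() {
      if (stopped) return 'stopped';
      const t = now();
      if (t - startedAt >= maxLifetimeMs) {
        stopped = true; // absolute cap reached: the user must sign in again
        return 'stopped';
      }
      if (t - lastActivity > idleLimitMs) return 'idle'; // let the server timeout run
      ping();
      return 'pinged';
    },
  };
}

// Browser wiring; skipped when there is no DOM (for example under Node).
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const keepAlive = createKeepAlive({
    ping: () =>
      fetch('/keepalive', { credentials: 'same-origin', cache: 'no-store' })
        .catch(() => {}), // a failed ping is ignored; the next tick retries
    idleLimitMs: 5 * 60 * 1000,        // assumed: stop pinging after 5 idle minutes
    maxLifetimeMs: 8 * 60 * 60 * 1000, // assumed: 8-hour absolute cap
  });
  ['click', 'keydown', 'scroll'].forEach((evt) =>
    document.addEventListener(evt, keepAlive.noteActivity, { passive: true }));
  setInterval(keepAlive.tick, 60000);  // same one-minute interval as the answer
}
```

With this in place the server-side timeout can stay short, because an active user keeps getting pings while an idle one does not.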

