Increasing session timeout in core web app

Stuart Little 21 Reputation points


I would like to increase the session timeout from 20 minutes to 4 hours.

To achieve this, in the ConfigureService of startup.cs, I have the following code

                .AddCookie("SampleAuth", config =>
                    config.Cookie.Name = "Sample.Cookie";
                    config.LoginPath = "/Login/Index";
                    config.AccessDeniedPath = "/Login/Unauthorized";
                    config.ExpireTimeSpan = TimeSpan.FromMinutes(240);
                    config.SlidingExpiration = true;

services.AddSession(options => { options.IdleTimeout = TimeSpan.FromMinutes(240); });

In Configure method, I have app.UseSession();

Also, in the IIS, I have increased the session timeout to 4 hours.

However, the session still timeout after 20 mins.

Can you please let me know what else I am missing?

Thank you.

A set of technologies in the .NET Framework for building web applications and XML web services.
4,361 questions
{count} votes

Accepted answer
  1. Bruce ( 60,866 Reputation points

    session is unrelated to the authentication cookie. session uses its own cookie with an expiration time. most likely your server is going idle and being recycled, thus changing the encryption keys, making both cookies invalid.

    either use a persistent key storage provider, or disable idle shutdown.

2 additional answers

Sort by: Most helpful
  1. Brando Zhang-MSFT 3,441 Reputation points Microsoft Vendor

    Hi @Stuart Little ,

    By default, the session's data is stored inside the server memory and the IIS contains the idle-timeout. The idle-timeout default value is 20 minutes. If there is no request send to the server during 20 minutes. The IIS will terminate the application pool's worker process. If you don't want to use other storage like redis or storage to store the session data, I suggest you could modify the idle tomeout to 0.

    More details about how the session state works inside the IIS, I suggest you could refer to this article.


    1 person found this answer helpful.
    0 comments No comments

  2. SurferOnWww 2,406 Reputation points

    Can the following Microsoft document help?

    Session and state management in ASP.NET Core

    As for the "Increasing session timeout" see the following section:

    Configure session state

    I would like to increase the session timeout from 20 minutes to 4 hours.

    Try to set: options.IdleTimeout = TimeSpan.FromHours(4);