My sites are not maintaining their authentication. Users are being redirected to the login screen every few minutes. The length of time they remain logged in seems to vary. I am using .Net Framework 3.5 and SQL Server to maintain session state (based on a recommendation from Discount.ASP Support). In web.config I have: <authentication mode="Forms"><forms name=".ASPXAUTHDOPGBBALL" timeout="60" loginUrl="login.aspx" slidingExpiration="true" protection="All" path="/" defaultUrl="default.aspx" /></authentication> <sessionState mode="SQLServer" allowCustomSqlDatabase="true" sqlConnectionString="Data Source=tcp:sql2k505.discountasp.net;database=My Database;User ID=My User ID;Password=My Password" cookieless="false" timeout="60" /> In my login code I have: 'Create a new ticket used for authentication Ticket = New FormsAuthenticationTicket(1, UserName.Text, System.DateTime.Now, DateTime.Now.AddMinutes(60), False, dr1("Roles")) 'Hash the cookie for transport Cookie = New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(Ticket)) 'Add the cookie to the list for outgoing response Response.Cookies.Add(Cookie) 'Redirect to requested URL, or homepage if no previous page requested strReturnUrl = Request("ReturnUrl") I have been trying to get this to work for some time. Any suggestions would be appreciated! Thanks
The way you're doing SQL Sessions is different, might make the diff. This is how I've been using it: <sessionState allowCustomSqlDatabase="true" mode="SQLServer" sqlConnectionString="Server=sql2k8.discountasp.net;Database=SQL2008_wisemx_sessionstate;User ID=SQL2008_wisemx_sessionstate_user;Password=makeawish" timeout="60" />
Thanks for the response - I made the change you suggested. I was still logged out after about 20 minutes, even though it is set to 60 minutes. This is quite frustrating, and my users are complaining. Is there perhaps another method to authenticate that is more reliable?
It's possible you're seeing application pool recycling based on the application being considered idle - 20 minutes sounds right for that. If that's what it is, it can be worked around with the DASP scheduler.
You can set up a Scheduled task which would make an HTTP call to your url. Please view our KB here. This would keep your application pool from recycling due to the 20min idle imposed limit on our servers.
