Question

I am developing an Internet app with ASP.NET MVC4 using VS 2012, IIS 7.5. I am using Forms Authentication for the same. The settings in my web config are as follows.

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="30" name="userInfo" slidingExpiration="true" enableCrossAppRedirects="false" protection="All">
    <credentials passwordFormat="Clear"/>
  </forms>
</authentication>

But the Idle Timeout (minutes) setting in IIS is 20. When I refresh my application after 20+ minutes I am getting an error saying one of my session objects is null. But if I refresh my app after 30 minutes, it is working fine, that is, it is redirecting me to the login page. After entering the credentials, I am navigated properly to the appropriate page.

I am not understanding why I am getting an error after 20 minutes! (which is the IIS idle time settings as far as I know). Please help.

Thanks

Solution

The forms authentication does not handle session timeout. You want to adjust the Session State timeout instead. MSDN has an article on the sessionState element of the web.config for more details.

If you are going to be using the Session State, I would read up on the different providers. If you ever want to scale your application beyond a single web server, you will want to use a different session provider than the InProc one. Using an out-of-process session provider requires that objects be serializable, which will likely be a breaking change later. Make the change now to save yourself headaches later.
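
The change described in the answer, written out as a web.config fragment. This is an added example, not part of the original answer; the StateServer mode, the local state-service address and the 30-minute session timeout are assumptions chosen to match the question's forms timeout.

```xml
<!-- Added example: values below are assumptions for illustration. -->
<system.web>

  <!-- Forms authentication: lifetime of the login ticket only (30 minutes,
       sliding). It has no effect on how long Session[...] values live. -->
  <authentication mode="Forms">
    <forms loginUrl="~/Account/Login" timeout="30" name="userInfo"
           slidingExpiration="true" enableCrossAppRedirects="false"
           protection="All" />
  </authentication>

  <!-- Before: no <sessionState> element at all. ASP.NET then uses
       mode="InProc" with the default timeout of 20 minutes, so session
       objects are gone after 20 idle minutes while the 30-minute ticket
       is still valid. The user stays "logged in" with an empty session. -->

  <!-- After: session lifetime set explicitly and matched to the ticket.
       mode="StateServer" keeps session data in the ASP.NET State Service
       (a separate process), so it also survives a worker-process recycle.
       Everything stored in Session must be serializable in this mode. -->
  <sessionState mode="StateServer"
                stateConnectionString="tcpip=127.0.0.1:42424"
                cookieless="UseCookies"
                timeout="30" />

</system.web>
```

The ASP.NET State Service must be running on the host named in `stateConnectionString`. Code that reads from `Session` should still check for null, since the session store can be restarted independently of the authentication ticket.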

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow