Summary of methods to set session expiration time in asp

Author：Eve Cole Update Time：2025-03-01 23:16:01

The default session expiration time in asp is 20 minutes, which is not enough in many cases. Today, there are many requests from customers to log in again, so I have prepared this article for the convenience of friends who need it. If the session expiration time is not set in the program, then the session expires. The time will be executed according to the expiration time set by IIS. The default session expiration time in IIS is 20 minutes. The session time in IIS can be changed.

The time setting should be placed first

For example

Copy the code code as follows:

Session.Timeout=30 'SEESION is valid for 30 minutes

Session(ID)=Rs(id)

Session(Name)=Rs(Name)

Session(Pass)=Rs(Pass

Use the Session.Timeout property to set the timeout period

For a user who logs in to an ASP application, if the user does not perform any other operations within the system default time, the user's Session will be automatically revoked when the set time is up, thus preventing system resources from being wasted. The TimeOut property of the Session object can be used to set the expiration time in minutes. The setting format is:

Copy the code code as follows:

Session.TimeOut=MaxTime

Example code: (5.asp) page, this example shows how to control the end of the session.

Copy the code code as follows:

<%@ language=vbscript %>

<% session.timeout=60 %>

<html>

<head><title>Control the end time of the session</title><head>

<body>

who = Session.SessionID

CurrentPage=Request.ServerVariables(SCRIPT_NAME)

Response.AppendTolog who & : & CurrentPage

Response.write <center>Your session ID is: & who & <p>

Response.write The path of the page you are currently visiting is: & CurrentPage & <p>

if Session(I)= then

session(i)=1

else

session(i)=session(i)+1

end if

Session.Abandon

Response.write This page has been refreshed & Session(i) & times by you. </centr>

In Asp.net applications, many people will encounter conflicts in Session expiration settings. Among them, there are four ways to set the expiration time of Session:

1. Global website (i.e. server) level

IIS-Website-Properties-Asp.net-Edit Configuration-State Management-Session Timeout (minutes)-Set to 120, which is 2 hours, that is, if the current user does not operate after 120 minutes, the Session will automatically expire.

2. Website level

IIS - Website - Specific website (such as DemoSite) - Properties - Asp.net. There are two options at this time, one is to edit the global configuration and the other is to edit the configuration.

If you edit the global configuration, it will be the same as the previous configuration.

If you edit the configuration, it will only take effect on the current website. Because a server may have many independent websites.

1. Continue to select Status Management - Session Timeout (minutes) - set to 360, that is, 360 minutes. The effect is the same as above, but it only takes effect on the current website.

2. Identity Authentication-Forms-Cooke timeout, select 12:00:00, which is 12 hours. There are eight options available:

00:15:00

00:30:00

01:00:00

02:00:00

04:00:00

08:00:00

12:00:00

1:00:00:00

That is, the maximum is 24 hours and the minimum is 15 minutes. This is the default configuration. It can be freely customized in the application.

3. Application level

Same as website management, except the scope is limited to the current application.

4. Page level

In a certain page, set Session.Timeout = 30; to temporarily modify the session expiration time of a certain page.

To check the expiration time of a Session, you can use

Copy the code code as follows:

TimeSpan SessTimeOut = new TimeSpan(0, 0, System.Web.HttpContext.Current.Session.Timeout, 0, 0);

Among them, settings two and three are reflected in Web.config:

Copy the code code as follows:

view plaincopy to clipboardprint?

<?xml version=1.0?>

<system.web>

</authentication>

</system.web>

<system.web>

</authorization>

</system.web>

</location>

</configuration>

<?xml version=1.0?>

<system.web>

</authentication>

</system.web>

<system.web>

</authorization>

</system.web>

</location>

</configuration>

The priority of the above four settings is page level > application level > website level > server level. In other words, if the page is set to 20 minutes and the website is set to 120 minutes, then 20 minutes will obviously be the effective expiration time.

Another point worth noting.

In the second setting, set the session timeout (SessionState) to 120 minutes, and use forms authentication at the same time. Set it to 00:15:00, which is 15 minutes, and slidingExpirationo is false. What is the actual Session expiration time that takes effect?

A valid result is the SessionState setting, which is 120 minutes.

If the Session expiration time is set but does not take effect, please check the above configurations.

Other methods found online

1. Operating system: Windows Server 2003

Steps: Start->Administrative Tools->Internet Information Services (IIS) Manager->Website->Default Website->Right-click Properties->Home Directory->Configuration->Options->Enable Session State->Session Timeout (here Set the timeout you want in minutes). OK.

2. Setting the Session expiration time in ASP.NET applications

In web applications such as ASP.NET, Session is a common method used to save user status. However, since the server memory space is limited, Session expiration time setting is necessary. How to set the Session expiration time in ASP.NET? It is very simple. Just modify the web.config configuration.

The specific modification method is as follows, configure as follows in web.config

Copy the code code as follows:

<system.web>

</system.web>

What this refers to is that the Session expiration time is 30 minutes. That is to say, if the current user does not operate after 30 minutes, the Session will automatically expire.

3. In the cs page that calls Session, write the following in the Load event

Copy the code code as follows:

Session.Timeout = 30;

4. Store session in asp.net state service

Copy the code code as follows: