You are viewing limited content. For full access, please sign in.

Question

Question

Forms - where to change the timeout in the Web.config file

Forms
Updated April 20, 2020
asked on March 31, 2015 Show version history

Where do I change the timeout length in the Forms directory Web.config file...is it the following binding section and do I just change all of those to something like 00:40:00?:

<netTcpBinding>
<binding name="timeoutBinding" receiveTimeout="00:20:00" sendTimeout="00:20:00" openTimeout="00:20:00" closeTimeout="00:20:00">
<security mode="None" />
</binding>
</netTcpBinding>

0 0

Answer

SELECTED ANSWER
replied on April 1, 2015

Actually Forms won't follow the session timeout settings in IIS, you can change the value for session timeout(in minutes) from web.config in following place:

<authentication mode="Forms"> 
<forms loginUrl="~/Account/LogOn" timeout="20160" name=".LFFORMSAUTH" />

 

1 0

Replies

replied on April 1, 2015

Why don't you do it from IIS?

2 0
View 3 previous replies
replied on April 1, 2015

We do use that configuration in IIS currently, but to my understanding that applies to the entire application and all sessions currently running.

I was just curious about where to set it in the Web.config for a per user session basis.  They added the ability to change this in the 9.1 Forms release.

0 0
SELECTED ANSWER
replied on April 1, 2015

Actually Forms won't follow the session timeout settings in IIS, you can change the value for session timeout(in minutes) from web.config in following place:

<authentication mode="Forms"> 
<forms loginUrl="~/Account/LogOn" timeout="20160" name=".LFFORMSAUTH" />

 

1 0
replied on February 20, 2018

It still seems to kick everyone out every 20,160 minutes at whatever random time that happens to be. Is there a way to do this at midnight? Or after so much idle time?

0 0
replied on July 10, 2018 Show version history

Hi all,

 

Does the above also apply for public-facing forms? users that are not authenticated? 

 

Thanks, 

Ziad

1 0
replied on July 11, 2018

They will not have a session to end. So I can't imagine it would effect their experience in any way. It should just be timing sessions (authenticated users) and terminating them.

Is there any updates on a method to time a session based on activity. So that the timer resets every time a new web request is made from that session? We have two use cases.

One is for shared workstations, in case people forget to logout, so that employees are not say submitting a vacation request under someone else by accident.

Another is for general security.

We need the timer reset to do it properly though, we don't want to log someone out while active, only when they stop sending any requests to the web server.

0 0
replied on April 20, 2020

How do we implement these for Public facing portal where users are not authenticating?

2 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...