All geek questions in one place

Understanding ASP.Net Session Lifetime

I am confused about the concept of ASP or ASP.Net session time (or life cycle). In particular, my perplexities:

  • How does IIS decide to start a new session and end an existing session? Especially, how does IIS decide if the session continues or ends when we call the redirect code?
  • How can we set the session end time? (Currently, I only know to set it through the web.config sessionState element of web.config sessionState .)
  • Is it possible for one session to have access to other session variables?
+4
source share
4 answers

A session is usually handled by creating a unique identifier as a cookie on the client machine. This is usually a session cookie, so you cannot easily reach it. When you visit a site that uses sessions, it searches for this cookie. If he does not find it, he creates a new one, creating a new session.

One way to set the expiration time is in web.config, you can also set it in IIS by going to the properties of your website → tab “Home” → button “Configuration” → tab “Settings” → “timeout” session. "

You will not be able to access elses session data.

+4
source

  • A session starts because the request does not contain a session cookie or a session cookie in which it is no longer displayed on the session. The session ends: a) it is idle without further requests referring to it for the waiting period. b) it is intentionally interrupted by a code. c) A process session is processed when the process is running, for example. when the application is redesigned.

  • Various ways to change the timeout will basically change the web.config file or the configuration file from which the value is inherited.

  • Not if the session object is intentionally placed by code somewhere that another session can access.

+4
source

You can set the session timeout programmatically:

 Session.Timeout = 60;
+3
source

Remember also the AppPool settings ... by default (IIS 6 anyway) it will be recycled every 120 minutes. Thus, it is possible that someone may lose their session less than the set value of Session_Timeout.

+1
source

Source: https://habr.com/ru/post/1285755/

More articles:


All Articles