Short Description : The IIS server variable "HTTP_COOKIE" expires at a time that does not seem to be controlled by any timeout variable, and I would like to know what causes it. I tried changing all the timeout / expiration control values that I see in IIS and nothing changes it from about 20-30 minutes.
Detail
We have a C ++ back-end application that uses the IIS Server variable "HTTP_COOKIE" to store state data, and most importantly, the session identifier (GUID for the rest of the question) of the current session for this user. There is a requirement that any user can only log in once, and the GUID is one of the pieces of data used to ensure this - each time the user logs in, the GUID is updated. Each time a user completes an action, the GUID stored locally in the sessionStorage tab (that is, the value that it has when the user first accesses this tab) is checked for the GUID previously created for this user. If they do not match, the user launches the application on this tab.
Now the problem is that there are two situations when the GUID will be updated: when the user logs in and when the application cannot find the existing GUID in its memory or the HTTP_COOKIE line. Case 1 is fine - this is what we want. Case 2 is annoying because something seems to be happening in the IIS setup, which causes the HTTP_COOKIE to be cleared after 20-30 minutes (I did not record exactly how long it worked). We looked, and we found many timeouts that could be the cause of this, but each time changing them in turn for 1 minute, resetting IIS and retrying did not affect the timeout:
- Sites => Default website => Session status => Cookie settings => Timeout
- Sites => Default Web Site => ASP => Session Properties => Timeout
- = > - = > Allstate = > ASP = > = > -
, , :
, , , , . - ( 0 , MSDN).
, , - IIS, , , , , HTTP_COOKIE , GUID, . , , - - , reset.
, - - , , / . , , , , . , - GUID , !
.
P.S. , - , (~ 15 ) , , , , - .