How to configure timeout for session state in ASP.NET

Timeout is important session state setting in the web.config file. It specifies the number of minutes that ASP.NET will wait, without receiving a request, before it abandons the session.

 

<?xml version=”1.0” encoding=”utf-8” ?>
<configuration>
     <system.web>
     <!— other settings are omitted. —>
     <sessionState
        cookieless=”AutoDetect” cookieName=”ASP.NET_SessionID”
        regenerateExpiredSessionID=”false”
        timeout=”20”
        mode=”InProc”
        stateConnectionString=”tcpip=127.0.0.1:42424”
        stateNetworkTimeout=”10”
        sqlConnectionString=”data source=127.0.0.1;Integrated Security=SSPI”
        sqlCommandTimeout=”30” allowCustomSqlDatabase=”false”
        customProvider=””
     />
     </system.web>
</configuration>

 

This parameter is one of the most important, because a difference of minutes can have an impressive effect on the load of the web server and performance of the web application. Ideally, software developer should choose a timeframe that is short enough to allow the server to recover valuable memory after a client stops using the application but long enough to allow a client to pause and continue session without losing it.

Software developer can also programmatically change the session timeout in code:

Session.Timeout  = 15;