Timeout is important session state setting in the web.config file. It specifies the number of minutes that ASP.NET will wait, without receiving a request, before it abandons the session.

C# 8.0 and .NET Core 3.0 – Modern Cross-Platform Development: Build applications with C#, .NET Core, Entity Framework Core, ASP.NET Core, and ML.NET using Visual Studio Code, 4th Edition
ASP.NET Core 3 and Angular 9: Full stack web development with .NET Core 3.1 and Angular 9, 3rd Edition
C# in Depth, 4th Edition

 

<?xml version=”1.0” encoding=”utf-8” ?>
<configuration>
     <system.web>
     <!— other settings are omitted. —>
     <sessionState
        cookieless=”AutoDetect” cookieName=”ASP.NET_SessionID”
        regenerateExpiredSessionID=”false”
        timeout=”20”
        mode=”InProc”
        stateConnectionString=”tcpip=127.0.0.1:42424”
        stateNetworkTimeout=”10”
        sqlConnectionString=”data source=127.0.0.1;Integrated Security=SSPI”
        sqlCommandTimeout=”30” allowCustomSqlDatabase=”false”
        customProvider=””
     />
     </system.web>
</configuration>

 

This parameter is one of the most important, because a difference of minutes can have an impressive effect on the load of the web server and performance of the web application. Ideally, software developer should choose a timeframe that is short enough to allow the server to recover valuable memory after a client stops using the application but long enough to allow a client to pause and continue session without losing it.

Software developer can also programmatically change the session timeout in code:

Session.Timeout  = 15;