My Software Notes

Useful things I discover

Archive for June 2012

ASP.NET Timouts (Sessions and App Pools and Auths, Oh My)

with 4 comments

I just had to extend the timeout for an ASP.NET site and I had to look it up all over again.  I don’t extend timeouts very often but when I do I never remember all the places that I may need to make a change.  Sadly just changing sessionState in the Web.Config doesn’t always cut it.

So here, for my future use and for anyone else with the same problem, are a list of all the timeout possibilities that I know of in ASP.NET web apps.

Session State – In web.config

Session state timeout is 20 mins by default.  To increase it set the timeout attribute on the sessionState element in the web.config.

<system.web>
     <sessionState timeout="60" /> 
</system.web>

References:

ASP.NET Session Timeouts

sessionState Element

App Pool Idle Time-out – In IIS

The Application Pool of your web app has an “Idle Time-out (in minutes)” setting in “Advanced Settings” (IIS7)  The help text says: “Amount of time (in minutes ) a worker process will remain idle before it shuts down.”

References:

ASP.NET Session Timeouts

Configure Idle Time-out Settings for an Application Pool (IIS 7)

Forms Authentication Timeout – In web.config

Forms authentication uses it own value for timeout (30 min. by default). A forms authentication timeout will send the user to the login page even if the session is still active.  The setting is in minutes.

<system.web>
     <authentication mode="Forms">
           <forms timeout="50"/>
     </authentication>
</system.web>

References:

Answer to question about Session Timeout in ASP.NET

forms Element for authentication

Recycle Worker Process – in IIS

Not really a timeout but it will have that effect.  The default is 29 hours, so you will rarely need to change it.

References:

ASP.NET Session Timeouts

Configuring Recycling Settings for an Application Pool (IIS 7)

Execution Timeout – in web.config and in code

This is the time allowed for a request to execute before it is shut down.  The default is 110 seconds, so it’s plenty long enough for most situations.  If you need to make it longer for your entire site then use web.config and if you need to lengthen it for just a specific request then do it in code.

In Web.Config:

<system.web>
   <httpRuntime executionTimeout="180" />
</system.web>

If compilation debug is true then the timeout is always about a year (really).  This is so your app doesn’t stop handling a request while you are running through the debugger in Visual Studio.

References:

ASP.NET Session Timeouts

httpRuntime Element

In Code:

The HttpServerUtility class has a property called ScriptTimeout that allows you to set the timeout for the current request.  In ASP.NET and ASP.NET MVC you can get at this property via the Server property of your Page or Controller.

Server.ScriptTimeout = 600;  //in seconds

References:

HttpServerUtility.ScriptTimeout Property

Timeout of an ASP.NET page

ASP.NET Session Timeouts

Security Token Handlers – In web.config and code

Here’s another one I just came across (01/20/2014).  This can be used to replace the forms authentication timeout.

In Web.Config

The “lifetime” attribute in the sessionTokenRequirement element can be used to set the timeout. It uses the format “hh:mm:ss”.

<system.identityModel>
  <identityConfiguration>
    <securityTokenHandlers>
      <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler,System.IdentityModel, 
      	Version=4.0.0.0, Culture=neutral,PublicKeyToken=B77A5C561934E089" />
      <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler,System.IdentityModel.Services, 
      	Version=4.0.0.0, Culture=neutral,PublicKeyToken=B77A5C561934E089">
        <sessionTokenRequirement lifetime="00:20:00"></sessionTokenRequirement>
      </add>
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>

In Code

Classes derived from SecurityTokenHandler have a TokenLifetime property that can be set using a TimeSpan.

tokenHandler.TokenLifetime = new TimeSpan(0, 20, 0); //hh, mm, ss

References:

<securityTokenHandlers>

SessionSecurityTokenHandler Class

Summary

I think that’s everything.  If not please leave a comment and enlighten me 🙂

If you have any other useful links on the subject please leave those too.

Advertisements

Written by gsdwriter

June 22, 2012 at 10:55 am

Posted in .NET, ASP.NET, ASP.NET MVC, IIS

Can’t upgrade NuGet in Visual Studio 2010 SP1

leave a comment »

I’ve been able to upgraded NuGet successfully sometimes and other times I’ve had to uninstall and reinstall to make it work. Very annoying.

Today it happened again and looking in the intallation log I saw: “The signature on the update version of ‘NuGet Package Manager’ does not match the signature on the installed version”.

I hunted around and found the solution: Install this VS hotfix – http://bit.ly/vsixcertfix

See “Known Installation Issue” at http://docs.nuget.org/docs/release-notes/nuget-1.8

Thanks to http://www.codeplex.com/site/users/view/pranavkm for the post that led me to this.

Written by gsdwriter

June 5, 2012 at 2:58 pm

Posted in Visual Studio