AnyView IDS web application session timeout forces forms authenticated users to re-enter their login

20 October 2005

Issue Description

Forms authenticated web application users that remain idle for more than 20 minutes are automatically logged off AnyView IDS.  If these users then try and access web application content, they are prompted to re-enter their login and password.


The default session timeout for the AnyView IDS application is 20 minutes.  If a forms authenticated user remains idle for more than 20 minutes, their session will be terminated.  The AnyView IDS web application session timeout is set in the 'Web.config' file in the AnyView IDS web application physical directory.


The AnyView IDS web application session timeout can be changed in the 'Web.config' file on the IIS Server.  In a typical install the path to the 'Web.config' is similar to:


C:\Program Files\Accountable Software Inc\AnyView IDS\Web Application\


To edit the 'Web.config' file, open it with Notepad and locate the "Session State Settings" section as shown below: 


By default ASP.NET uses cookies to identify which requests belong to a particular session. If cookies are not available, a session can be tracked by adding a session identifier to the URL. To disable cookies, set sessionState cookieless="true".



<sessionState mode="InProc" StateConnectionString="tcpip=" sqlConnectionString="data source=;Trusted_Connection=yes" cookieless="false" timeout="20" />

The session timeout is currently set to 20 minutes (timeout is shown in red).  You can change this timeout to any amount of time in minutes.  After making the change save the 'Web.config' file.  The session timeout will apply to all new web application sessions.

Site Map