How do I change the web application timeout that controls when users are automatically logged out?

In the application’s web.config file, there are two sections that should be added or modified.

The AUTHENTICATION timeout determines how long a user can be idle before being required to login again. Look for the authentication section, and make sure the following two properties are set:

</authentication>

slidingExpiration=”true”
- This setting extends the authentication expiration when it is accessed. If set to “false”, the session will only be valid for the specified number of minutes from the initial login.

timeout=”30”
- This setting configures the time, in minutes, before the authentication expires. When the authentication expires, the user will need to login again to continue using the application. The default value is 30 minutes.

Note that other properties may exist, and should be left unchanged. These properties may include (but are not limited to) “loginUrl”, “defaultUrl”, and “name”. Changing or removing these additional properties may cause the application to stop functioning properly.

The SESSIONSTATE timeout determines how long data is cache in the application. When the cache expires, any data being used by the database will be refreshed from the data source the next time it is needed. Look for the sessionstate session and make sure the following property is set:

</sessionState>

timeout=”20”
- This setting configures the time, in minutes, before data in the session cache expires. When the data expires, the application will need to refresh it from the underlying data source. Any input provided by the user may need to be provided again. The default value is 20 minutes.

Note that other properties may exist, and should be left unchanged. These properties may include (but are not limited to) “mode”, “stateConnectionString”, and “cookieless”. Changing or removing these additional properties may cause the application to stop functioning properly.