When I login to my webform in my production environment ( IIS 7.5 + SQL Server 2008), my session expires after just a few couple of seconds (less than 1 minute). But when I do the same in my dev environment (ASP.Net Development Server + SQL Server 2008) the session is persistant long enough... (several minutes). I use the ASP.Net membership technology with Forms authentication mode and try to use Cookies. It look like something on the server is overriding my parameters, but I don't have access to the production IIS configuration (I subscribed to a shared hosting)
Here are my web.config parmeters:
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="~/Pages/Front/Login.aspx"
protection="All"
timeout="900"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="~/Pages/Front"
cookieless="UseCookies"
name="MySite" />
</authentication>
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<clear />
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="XXX"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>
<roleManager enabled="true"
cookieName="booble.com"
cookieProtection="All"
cookieSlidingExpiration="true"
cookieTimeout="90"
createPersistentCookie="true"
cookieRequireSSL="false">
<providers>
<clear />
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="XXX" applicationName="/" />
<!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
</providers>
</roleManager>
<sessionState timeout="90" />
<customErrors defaultRedirect="Error.aspx" mode="On" redirectMode="ResponseRewrite" >
<error statusCode="404" redirect="Error404.aspx"/>
</customErrors>
<!-- needed because of my Provider-->
<pages enableViewStateMac="false" />
<siteMap enabled="true" defaultProvider="AspNetXmlSiteMapProvider">
<providers>
<clear />
<add siteMapFile="Web.sitemap" name="AspNetXmlSiteMapProvider"
type="System.Web.XmlSiteMapProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
securityTrimmingEnabled="true" />
</providers>
</siteMap>
</system.web>
Thanks a LOT in advance for your answers !
The problem was coming from my shared hosting provider, I contacted them in their help forum and on of their admin "changed" something on server-side, and now it works... they didn't want to tell me what they have modified.
FYI my shared hosting provider is named OVH.com, so if you have a session timeout problem (expiring every 30 sec to 1 min), even if you have configured your web.config correctly (to be sure,I even put my sessionState mode="SQLServer") , just contact them and they will do the necessary.
I'll post here if I get an explanation, thanks for your readings