Where to set timeout

[ad]

I am use VS2005 to develp WebApplicaiton.
There are two place where I can set the TimeOut Value.
What is the difference between them?
Which have the priority?

One is:
<system.web>
<compilation debug="false" />
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="login.aspx"
protection="Validation"
timeout="999999" />
</authentication>

Another is

<sessionState mode="InProc" timeout="20"/>

 

[Remy]

Don't think they are really related. The authentication timeout just
says after which time the users needs to revalidate himself. I think it
counts the idle time.

The other one is how long the session object is valid, I think its also
idle time. You can have sessions without authentication and the other
way round.

Correct me if I'm wrong.

Remy

 

[ad]

I wnat that if sesion time, the web will logout and redirect to notify user
that the session is time out, and must login in again.
How can I do that?

 

[Remy]

Honestly, not sure how all the details work here. I would play around
with it a little bit and see how the two mechanism behave. But what you
could do is, that when the session times out or if there is no session
available anymore, you can log the user out:

FormsAuthentication.SignOut();

This way you make sure that if there is no session, the user is not
logged in. If you setup your authentication correctly. the user will be
redirected to the loginpage whenever he tries to access a page.

Remy Blaettler
www.collaboral.com