ASP.NET web application session timeout issue on local IIS Express on Windows Server 2019?

Question

I have an ASP.NET 4.x MVC application which is hosted on our local Windows 2019 Server on IIS Express.

In web.config file session timeout is configured for 8 hours (Session mode in process). Which means if a user logins he shoud remain logged in for 8 hours, but this is not happening. End users who are using this application on local network, they get logout just after few minutes and they have to log in again and again.

I have even configured this time on IIS settings but still no success.

Anything I am missing?

Answer 1

I believe you might need also to modify Startup.cs file by setting validateInterval for CookieAuthentication Provider. Below you can find example how it has been handled in my application where time of automatic logging out was increased to 60 min:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    SlidingExpiration = true,
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature that is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(60),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});