I have a site that is using a session cookie to keep a few pieces of information but for some reason it seems to get removed before the time out.
In the global.asax I have
void Session_Start(object sender, EventArgs e)
{
HttpCookie jobTrax = Request.Cookies.Get("JobTrax");
if ((null != jobTrax))
{
if (Request.Cookies["JobTrax"] != null)
{
HttpCookie myCookie = new HttpCookie("JobTrax");
myCookie.Expires = DateTime.Now.AddDays(-1d);
Response.Cookies.Add(myCookie);
}
Context.GetOwinContext().Authentication.SignOut();
Session.Abandon();
Session.RemoveAll();
Response.Redirect("~/Account/Login",false);
}
}and in the web.config I have SessionState timeout = 30
This works perfectly when I am in my local environment but when I move the web forms app to either our test or development servers after about 2 minutes of no activity if I click a button or do anything on the site I get redirected to the login screen.
I am using asp.net 4.5 with the new identity. an I do not have the <authentication> tag in my web.config. Is it possible my authentication is timing out and that is what is causing the redirect to my login screen which then removes my cookie?