admin session timing out after less than 10 minutes
-
spencer321
- Lieutenant, Jr. Grade (LT JG)
- Posts: 26
- Joined: Sat Mar 15, 2008 2:57 pm
admin session timing out after less than 10 minutes
My admin sessions are timing out way too often. I read a post that explained how to increase the session timeout in the web.config file. But when I checked mine was already set to 30 minutes and I think that's probably good enough. But I swear my sessions are timing out sooner than 30 minutes. I just tested it. I opened a new session and let it sit idle for exactly 10 minutes. Then I clicked to browse my catalog and was redirected to the admin login screen.
-
Mark Harris
- Lieutenant, Jr. Grade (LT JG)
- Posts: 37
- Joined: Fri Mar 28, 2008 3:50 pm
- Location: Perth, Western Australia
- Contact:
Re: admin session timing out after less than 10 minutes
Which browser are you using? Your browser might be removing the cooking which has your session information in it.
Re: admin session timing out after less than 10 minutes
Could your host be doing some load balancing? We had this problem on DiscountASP until I added the machine key.
--clipped from the ver 7 FAQ---
Creating a Machine Key
The database.config and encryption.config files are saved in an encrypted form, so that your connection string and encryption key remain protected. If you are installing AbleCommerce to a web farm or clustered environment, you must take additional steps so that this file encryption will work properly.
You may experience a problem with having to continuously login. You may also experience MAC validation errors. If this happens, follow the steps below:
1) Visit this URL: http://aspnetresources.com/tools/keycreator.aspx
2) The default values for key generation are correct (64/24/SHA1), click Generate
3) Copy the resulting machine key.
4) Open the web.config for the store, and paste the copied machine key after the line that says
<system.web>
6) Save web.config and restart the IIS application service.
When you don’t specify the machine key in web.config, ASPNET automatically generates one for the application. If something causes the application to recycle, the key is regenerated. If the application recycles between requests, then any data that was downloaded by the browser was recorded with the first key, and validated with the second. This turns into the MAC validation error, because the keys are not the same. This is why the error mentions clustered environments, because the same issue occurs if you move from one server to another between requests.
When you set the key in the web.config file, ASPNET uses this key rather than auto generating. That ensures that even if an application recycle takes place, the validation will be correct. This is used for things like session cookies, authentication, viewstate validation, event validation, and so on.
--clipped from the ver 7 FAQ---
Creating a Machine Key
The database.config and encryption.config files are saved in an encrypted form, so that your connection string and encryption key remain protected. If you are installing AbleCommerce to a web farm or clustered environment, you must take additional steps so that this file encryption will work properly.
You may experience a problem with having to continuously login. You may also experience MAC validation errors. If this happens, follow the steps below:
1) Visit this URL: http://aspnetresources.com/tools/keycreator.aspx
2) The default values for key generation are correct (64/24/SHA1), click Generate
3) Copy the resulting machine key.
4) Open the web.config for the store, and paste the copied machine key after the line that says
<system.web>
6) Save web.config and restart the IIS application service.
When you don’t specify the machine key in web.config, ASPNET automatically generates one for the application. If something causes the application to recycle, the key is regenerated. If the application recycles between requests, then any data that was downloaded by the browser was recorded with the first key, and validated with the second. This turns into the MAC validation error, because the keys are not the same. This is why the error mentions clustered environments, because the same issue occurs if you move from one server to another between requests.
When you set the key in the web.config file, ASPNET uses this key rather than auto generating. That ensures that even if an application recycle takes place, the validation will be correct. This is used for things like session cookies, authentication, viewstate validation, event validation, and so on.