Users of TimeControl 6 may have found that after a few minutes their TimeControl session times out. This is something controlled from within Internet Explorer 7.
Here is a quick little tutorial on how to modify the TimeControl 6 session timeout from within IIS 7.
1. Session State
We use the session state value as a timer to show the “Session timed out” message that will force users out of TimeControl. This value is the main control for the lifetime of session variables. To set this value:
- Open IIS and click/select the TimeControl web site; this will show a range of options on the right hand side of the screen including an item under “Application Development” titled “Session State”. Double-Click “Session State”.
- When opening the session state options a dialog will appear. All options should appear as the screen shot below does and to change the timeout value simply modify the value in the “Time-out (in minutes):” field and click “Apply”.
This tells the application how long a session is allowed to live. However, this isn’t the only option that needs to be modified because in our code we also check the validity of the user’s authentication ticket which is a separate time-out value.
2. Forms Authentication
The forms authentication uses an authentication ticket that is created when a user visits the site, and then tracks the user throughout the site. In TimeControl 6, we validate this ticket every time we load the page and if the ticket is no longer valid we redirect the user to the login page. If the session state is modified, the forms authentication will need to be modified as well.
- Open IIS and click/select the TimeControl web site. On the right hand side there will be an option under “Security” for “Authentication”. Double-Click “Authentication”.
- A list should be shown with a few items including “Forms Authentication”. Select the “Forms Authentication” item from the list and further to the right hand side of the screen an “Edit…” link will light up. Click “Edit…”.
- The options for forms authentication will appear in the dialog and should look like the screen shot below. The “Authentication cookie time-out (in minutes):” needs to change to match the setting for session state.
These two time-out settings are used by the TimeControl 6 web site code and work well for a high traffic site, but what if it isn’t a high traffic site? In IIS “Application Pools” there is a setting for an “Idle Time-out”; meaning if there is NO traffic on the web site for x number of minutes then the Application Pool will recycle the web site, terminating any and all sessions.
3. Application Pool Idle Time-out
- Open IIS and click/select the “Application Pools” from the left hand list. A list of applications pools will appear, click/select the application pool used by the TimeControl web site.
- There will be a link on the right hand side of the screen under the heading “Edit Application Pool” title “Advanced Settings…” click this link. A dialog will appear with a number of options but we are only interested in the item under “Process Model” that reads “Idle Time-out (minutes)”. This value should get a setting equal to the session state and forms authentication to ensure the web site application doesn’t force a recycle before the session is supposed to time out.
These are the values that affect the TimeControl 6 session.