5

I have the session timeout set to 20min but when I try to access this value from action I'm getting 1min instead.

Web.Config settings are:

<sessionState mode="InProc" cookieless="false" timeout="20">

<authentication mode="None">
  <forms name=".ASPXAUTH" cookieless="UseCookies" timeout="20" />
</authentication>

In Global.asax.cs in Session_Start value of timeout is 20min:

HttpContext.Current.Session.Timeout

But in action in my controller is set to 1min:

System.Web.HttpContext.Current.Session.Timeout 
HttpContext.Session.Timeout

I've found that when I remove SitecoreHttpModule which is of type (Sitecore.Nexus.Web.HttpModule,Sitecore.Nexus) from web.config the timeout works fine but I dont think I can remove it permanently. 

 <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="WebDAVModule"/>
      <add type="Sitecore.Web.RewriteModule, Sitecore.Kernel" name="SitecoreRewriteModule"/>
      <!-- !!!REMOVED MODULE!!! <add type="Sitecore.Nexus.Web.HttpModule,Sitecore.Nexus" name="SitecoreHttpModule"/> -->
      <add type="Sitecore.Resources.Media.UploadWatcher, Sitecore.Kernel" name="SitecoreUploadWatcher"/>
      <add type="Sitecore.IO.XslWatcher, Sitecore.Kernel" name="SitecoreXslWatcher"/>
      <add type="Sitecore.IO.LayoutWatcher, Sitecore.Kernel" name="SitecoreLayoutWatcher"/>
      <add type="Sitecore.Configuration.ConfigWatcher, Sitecore.Kernel" name="SitecoreConfigWatcher"/>
      ...
    </modules>
</system.webServer>

Is there any place I can configure this timeout for this module or there is any other way to set session timeout to desired value?

Improve this question
3
  • Do you have Sitecore Analytics enabled? Commented Feb 20, 2015 at 10:42
  • Yes, Sitecore Analytics are enabled. Commented Feb 20, 2015 at 10:57
  • 1
    I've tried to disable Analytics in Sitecore.Analytics.config <setting name="Analytics.Enabled" value="false" /> and timeout works fine, it's set to 20min. Any idea why? Commented Feb 20, 2015 at 11:01

3 Answers 3

Reset to default
7

Every first request for a new user is considered as a possible bot request. That's why session timeout is set to 1 minute for those requests.

If the request is executed by the proper end user, there should be VisitorIdentification code on your page which in fact will cause another background call to the server and extend the session for the user.

Just add 

@using Sitecore.Mvc.Analytics.Extensions
...
@Html.Sitecore().VisitorIdentification()

to your layout .cshtml file.

Timeout will be set to 1 minute for the first request, but then automatically changed back to 20 (or whatever is configured), when Sitecore does the VisitorIdentification call.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

The problem is in robots detection in Sitecore Analytics module. My browser is recognized as a bot and there are some settings about that in Sitecore.Analytics.Tracking.config file:

 <!--  ANALYTICS ROBOTS SESSION TIMEOUT
        The ASP.NET Session Timeout for auto detected robots. 
        When the automatic robot detection identifies a session as being a robot, the ASP.NET
        Session Timeout is set to this value (in minutes).
        Default: 1
  -->
  <setting name="Analytics.Robots.SessionTimeout" value="1" />

The timeout is set to 1min when bot is detected to save some mememory and not to keep session too long.

The timeout will be set to desired 20min value when I either disable Analytics at all or disable Analytics.AutoDetectBots (in Sitecore.Analytics.Tracking.config file).

The proper solution for this is to clasify browser correctly (not as a bot).

Another post on this issue:

Sitecore Analytics Robots SessionTimeout causing premature session timeout

Improve this answer

3 Comments

Just add @using Sitecore.Mvc.Analytics.Extensions ... @Html.Sitecore().VisitorIdentification() to your layout .cshtml file. Timeout will be set to 1 minute for the first request, but then automatically changed back to 20 (or whatever is configured), when Sitecore does the VisitorIdentification call.
The comment from @MarekMusielak solved the problem for me. As this is a different approach to the description in the solution, I would suggest you add this as a new answer.
@KevinBrechbühl answer added as you asked
1

In Sitecore 7 there is now multiple places you have to specify the Session Timeout.

I would check these values in your Web.config.

<setting name="Authentication.ClientSessionTimeout" value="120" />

and 

<forms name=".ASPXAUTH" cookieless="UseCookies" timeout="120" />

and then

<sessionState mode="InProc" ... timeout="120" />

More info here:

Strange Timeout in Sitecore 7

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.