Insights

Setting Session Timeouts In Sitecore 7

Fixing Frequent Logouts

By Dan Cruickshank
August 28, 2014

I do not have definitive intel on this, but after a recent upgrade to Sitecore 7.2 (rev. 140526) it was noticed users were getting logged out of Sitecore quite frequently.

It wasn't clear what had changed, if anything it seemed session timeouts suddenly worked.

Unsure if these log outs were a feature, fix, or something else, increasing the timeouts required changes in a few places.

Increasing Timeout In Sitecore

There are 2 (or 3 if you use session) separate values to update in the web.config.

Timeout for logging into Sitecore


<!--  AUTHENTICATION CLIENT SESSION TIMEOUT
	Specifies the number of minutes before Sitecore considers user authentication session tickets as expired.
	This setting is only relevant for users logging in to Sitecore Client and when the Sitecore license has a limited number
	of concurrent editors. 
	All expired sessions will automatically be removed when a new user tries to log in and the maximum
	number of concurrent editors has been reached. 
	The default is 60 minutes (1 hour).
-->
<setting name="Authentication.ClientSessionTimeout" value="180" />

Because Sitecore authentication leverages the .NET membership provider, this setting has to be changed as well.

Authentication Mode Timeout


<!--  AUTHENTICATION 
	  This section sets the authentication policies of the application. Possible modes are "Windows", "Forms", 
	  "Passport" and "None"
-->
<authentication mode="None">
  <forms name=".ASPXAUTH" cookieless="UseCookies" timeout="180" />
</authentication>

This last one tweak is only required if your SessionState is managed by database instead of by cookie.

SessionState Timeout


<!--  SESSION STATE SETTINGS
	  By default ASP .NET uses cookies to identify which requests belong to a particular session. 
	  If cookies are not available, a session can be tracked by adding a session identifier to the URL. 
	  To disable cookies, set sessionState cookieless="true".
	  
	  Note that Sitecore does not support cookieless sessions
	  <sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="20"/>
-->
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="180" />

This post was authored using Markdown for Sitecore.

👋 Hey Sitecore Enthusiasts!

Sign up to our bi-weekly newsletter for a bite-sized curation of valuable insight from the Sitecore community.

What’s in it for you?

  • Stay up-to-date with the latest Sitecore news
  • New to Sitecore? Learn tips and tricks to help you navigate this powerful tool
  • Sitecore pro? Expand your skill set and discover troubleshooting tips
  • Browse open careers and opportunities
  • Get a chance to be featured in upcoming editions
  • Learn our secret handshake
  • And more!
Sitecore Snack a newsletter by Fishtank Consulting
 

Meet Dan Cruickshank

President | Sitecore MVP x 11

Dan is the founder of Fishtank. He's a multi-time Sitecore MVP and Coveo MVP award winner. Outside of technology, he is widely considered to be a top 3 father (routinely receiving "Father of the Year" accolades from his family) and past his prime on the basketball court.

Connect with Dan