Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...Application Start and StopsApplication Start and Stops
Previous
 
Next
New Post
2/2/2007 3:42 PM
 
Chuck Sherer


Joined: 2/3/2005
Posts: 10

In effect (declic video) we identified that Forms / Windows auth was in effect, and bumped up all the timeout settings ...  including a "KeepAlive" aspx page performing a content refresh every 10 seconds embedded in the modules edit control (small iframe) .... bumped session timeouts to 2 hours, Forms Auth cookie timouts to 4 hours (ensure a 2 hr bus. req. window)... drastic sanity measures.  This seems to work, but shouldn't really be necessary.

The issue seems to be completely controlled by the Authentication Cookie Timeout setting in IIS ... ASP.NET ... Configuration ...  Authentication tab ... in our case. (after exhaustive testing).

Since we indeed are using Forms authentication within the web config ...to allow us to login with Windows authentication and forms auth (host/admin), it is readily apparent that the default value (global auth) of 30 minutes is insufficient.

From my reading, this 30 minute window is really a 15:01 window if you start a form (Edit control of a module) after signon at 14:59 seconds (asssuming Enable Sliding Expiration is checked).  Had you started the form at 15:01, this setting would have updated your authentication "cookie" and given you another half hour.  So basically this setting was giving us the resultant behavior of users trying to submit their form after 15-30 minutes of idle time, and the page basically refreshing (bypassing the postback, and subsequent form processing within the edit control).

Now we realize that simply increasing this setting seems to be the natural solution, let me preface that suggestion with "This is a security issue" for sites that want their users to expire after 15-30 minutes of idle time .. IE banking sites etc...

What is still unclear is the other IIS settings that control Session Timeout (State Management tab) and Application Pool settings for recycling worker processes, notes in MSDN for Health monitoring causing issues with worker processes, Web Garden Settings (WP >1), etc and how all of these settings work together.

A clear summary or hierarchy would be nice ... here's my guess.  Correct me if I'm wrong here or missed something! 2003 Server is assumed.

Application Pools - Handle Worker Process (IIS Threads) If these recycle while a user is on your site, all bets are off.  Samme as Restarting IIS

Website Properties ... Home Directory ... Application Settings ... Configuration .. Options
Enable Session State checkbox is checked default value is 20 minutes.  This controls Session state I believe for ASP applications and can be unchecked for DNN / ASP.NET sites ... assuming you dont need session onstart / onend events???

WebSite Properties ... ASP.NET ... ver 2.x ... Global (machine.config) / Edit (web.config) Configuration ...

Authentication TAB.. Forms Authentication .. Cookie timeout (def 30 min) and Enable sliding expiration checkbox. Controls the length in minutes (sliding) before the users authentication runs out between page requests. The user will get re-authenticated, and DNN will login the user and redirect to the current Page (url) no postback occurs (forms auth).

State Management TAB ... InProc/UseCookies ... Session timeout (def 20).  Controls ASP.NET session itself, NOT Forms Authentication cookies .. setting this higher does NOT override Forms Authentication cookie timouts. Would most likely affect Windows authentication on ASP.NET sites? We set this to 120 min (2hrs)

Any other thoughts?  And please dont remind me how inefficent this all is on server resources, or the number of user sessions that will remain open because of this, etc ... :)

Also, was there a better (interface driven) way to activate the provided KeepAlive.aspx on the DNN root within(on) an edit controls page? Would have been nice to simply drop that control in and walk away without editing our module ... moving it from dev-qa-prod, etc.  With the business owner breathing down our neck, asking if it was fixed yet. Whew!

Thanks!

Chuck

 

 

 

 

 

 
 
New Post
10/31/2007 11:44 AM
 
Michael Appelmans

Joined: 2/14/2006
Posts: 47

I have the same problem on a shared server. But I'mnot sure I want keepalive in the traditional sense as then my hosting service may object. I just need my forums posting page to stay logged in longer... I'm guessing than the cookie default timeout which I don't have control over. Is there some code I can insert on a page which would cause the same effect of keep alive but only for a page. In other words if no one is logged in and posting to a forum (where the timeouts seem to occur) then I don't care because my home page load time is acceptable.

Thanks!
 
 Page 2 of 2
Previous12 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...Application Start and StopsApplication Start and Stops


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out