Hoping someone can answer what should be a quick question for me.
I'm new to ASP - only about 6 months in with no formal training, I'm learning as I go.
I've built a quick web-app that allows users to submit, modify & view info. To keep unauthorized users out, I've included a simple login script that checks the userid/pwd against a database. If there's a match, a session is created, if not, you're directed to an error page. All of this is being run on a Win 2k3 machine running IIS6.
Regardless of what page the user is on, if the user does not activate a link or submit info via the form for a solid 60 seconds, the sessionID is destroyed and the user is forced to re-login. Most of the users are slow typists and require at least 2 minutes to enter their info, so this obviously needs to be addressed.
What I've Done:
I originally thought this was a server config issue (still do, actually) but the server guy keeps telling me it's my code, so I've tested it out completely. I've looked it over and have had 2 other programmers look it through. I've posted it on two test environments and on 2 other production servers (for a total of 4 different webservers, all running WinXp, IIS5 - I don't have access to IIS6). The Session is *not* destroyed after 60 seconds on any of the other environments, it only happens on our production server.
1) I'm sure I know the answer to this - my guess and gut reaction would be no - but I want to make absolutely sure before I try to take this back to the server guy: Is it possible to lengthen the amount of time the session variable is kept for just one app (E.G. within the ASP code, not within the server configs?)
2) Has anyone had this problem before, if so, what did you find fixed it?
3) If this is a config issue and not a code issue (which I'm thinking), how can I convince the server guy? I've tried to show him the test results from other webservers as well as writing out the session id at the top of each page and showing him the variable is destroyed after 60 seconds. All I get in response is: "Yeah, I set it up so the connection stays for 20 minutes and the variable is destroyed after 60 seconds." (Maybe it's just me, but I didn't think that was possible...)
If you'd like to see my code, I'll be more than happy to post it here, just ask.
Just as an FYI in case any of you ask, this is not just a single web-app that this happens with - it happens with all session variables used in any subweb on the server. (Include code I've written, code that's been generated by ASPRunner and various other "Wizards" and "Generators")