ASP session expiration before timeout setting

Question

Some of my legacy program is using ASP (not ASP.Net), and even if I set long session expire time, for example to 20 minutes, sometimes in short time (e.g. in several minutes) I will still notice session expire error box –

"too much idle time, please login again."

Any ideas to analyze further? Not sure whether it is my code bug or server (browser) configuration issue, since not all client/server combinations are met with this strange issue.

The session expire box is triggered by my code:

<%
    if session("timeToken") = "" then
%>

<script language = "JavaScript">
<!--
window.alert ("too much idle time, please login again");
//-->
</script>
<%
response.End()
end if
%>

Answer 1

Make sure you site stays in the same case sensitive folders

e.g.

http://myserver.com/MyWebSite/

does not have the same session cookie as

http://myserver.com/mywebsite/

So it would log you out.

Answer 2

It could be the IIS limitation on your application seesion timeout.

Try this:

1. Right click on you app folder in IIS
2. Then go Properties -> Virtual Directory Tab -> Then the Configuration Button on the right bottom
3. If it's disabled, then create the application first clicking the button Create
4. Under the configuration window click on the Options tab and you will find SESSION TIMEOUT set by default to 20(mins)

hope this is the aswer to your prayers :)