The users of my web application are complaining that the 20 min default timeout is too short and they don't want to have to keep logging in.
I have tried changing the timeout from the default 20 mins but whatever I set it to it seems to have a max of 1 hour.

At first I set the timeout in the web.config file
<sessionState timeout="240" />

But that didn't seem to make any difference.
Then I read somewhere that you have to change the timeout in the configuration in IIS. So I did that.
It still times out at about 1 hour!

So my question is:
what's the best way to get round my users having to log in all the time to preserve their sessions?
Find a way to extend the timeout (how?), or is there a better way to handle this?


I've mentioned in my question that i've done those two things

you can set maximum 24 hours for session. visit the below link.. it will solve your problem.


I've mentioned in my question that i've done those two things

seems to be working although i've noticed something a bit strange you might be able to throw some light on:

i've set the timeout values to 60 mins for the default website and allowed the sites i have there (live & test) to inherit these values.
however i'm now not getting a timeout after an hour!?
(sorry for the double negatives!, 80 mins passed and no timeout)
could this be because the web.config files actually state periods of longer than 60 mins?
the live site is set to 240
the test site is set to 120
i'm monitoring it now but so far both have exceeded 60 mins?
if this is the case it's a bit confusing to have the web.config file ignored unless IIS uses non default values!