In the .NET application, we have given access to 3 authorized users with Log-in credentials. They are, 1)Admin 2)Marketer 3)Funder
Now, out of the 3 users above, Admin session should be unlimited. He should not be logged out now matter for how long the application is idle and he has not clicked on log-out button. How to do this in web.config file in ASP.NET application.
There is technically no way to set it to unlimited, as far as I am aware, however there are several ways to prevent the timeout. The keyword is prevention, both methods I am about to link include refreshing the timeout internally as long as a page is opened. You could wrap the logic in something that will be included in every page and go with that.
This is the first method, preventing session time out with a javascript that makes requests to another specific page that has no cache.
Another method involving embedding an iframe to a specific page which plays around with Meta Refresh which is used to refresh a given page on a given time.
You can artificially increase the session timeout in web.config to its maximum, which should be exactly one year or 526500 minutes according to this post.
There's usually an automatic recycle of your application pool which is configured in IIS or idling of your website after 20 minutes. The idle will be prevented by both techniques, however you can set it to 0 just in case. However, I'm not sure whether the recycle affects the session once it hits - you have to research it additionally.
