I've searched around but i can't find an answer, i have a single page mvc application, with angular js and web api 2 controllers, some one in the past has enabled Session, in web config and in 'Application_PostAuthenticateRequest' with 'SessionStateBehavior.Required'. Because of that, no concurrent api calls are made. My question is, if i change 'Required' to 'ReadOnly' how the session timeout will behave. I mean, it will work as it is intendeed? it will delete the session after that time, or the session will be kept alive forever, etc.. . I've searched in my project and nowhere is something added tot the session. Only thig that seems suspicios is that at the LogOff method something like this :
// Clear session cookie
var rSessionCookie = new HttpCookie("ASP.NET_SessionId", "");
rSessionCookie.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(rSessionCookie);
Aucun commentaire:
Enregistrer un commentaire