December 14, 2023 Web Development

Extending Your DNN Session Timeout: How to Stay Logged In for Longer

For content editors who work on one or many DNN websites regularly, getting signed out and needing to log back in can quickly become an annoyance. 

We can solve this by extending the duration for how long DNN keeps a user logged in and authenticated by modifying a web.config variable. 

Implementing the Modification:

  1. Keep a backup:
    1. Before modifying your web.config file, create a local backup and have access to restore this previous version if something goes wrong.
  2. Ensure you are logged into the website as a Host-level user.
  3. Hover over the gear icon in the persona bar (settings menu).
  4. Click on the menu link “Config Manager”.
  5. From the “Configuration Manager” view, click the drop-down and select “web.config”. 
  6. Scroll through the configuration file and search for a property titled:
    <authentication mode =”Forms”>.
  7. Within this property, you should see a timeout value. This is the value we want to adjust.
  8. You can extend this duration. 
  9. Notes:
    1. The value is based on minutes. 
    2. Do not include a comma in the value setting.

Additional This to Consider

  • This change will impact all users who access and log into your website. Does an extended logged-in session make sense if you have many end users?
  • Modifying this value will impact how long the defined authentication cookie is set for.
  • The default value is configured to one hour, with a value of 60.
    • An example value of 7200 would result in the authentication cookie lasting for five days. (7200/60/24 == 5).
  • If you use a custom authentication provider, modifying this value alone may not be sufficient to extend your user's authentication duration.

Advanced Configuration:

Another modification you can implement is to utilize the property slidingExpiration. 

With slidingExpiration set to false, your authentication token/cookie will not get automatically refreshed every time you refresh a page. This would allow you to define a fixed duration for how long a user can be logged into the website. 

Utilizing this setting would likely be very situational, as in most instances, it could be jarring for a user to have their session ended while they are still actively working with the application.

Image Credit: Adobe Firefly