Run-Time Configuration Elements

The run-time configuration elements holds a variety of key-value pairs for various settings for setting things like automatic session time-outs and HTTP error display pages.

Parameter

Description

CustomErrors

This setting associates an error page with certain types of HTTP errors, such as 404 (file not found) and 500 (internal server error) errors.

Before:

<customErrors mode="RemoteOnly" />

After:

<customErrors mode="RemoteOnly" defaultRedirect="Shared/Internal_Server_Error_Page.aspx" >
     <error statusCode="404" redirect="Shared/Internal_Server_Error_Page.aspx" />
     <error statusCode="500" redirect="Shared/Internal_Server_Error_Page.aspx" />
</customErrors>

httpRuntime

This sets the maximum file upload size, in KB, the server will accept.

See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfhttpruntimesection.asp for details.

maxRequestLength

The maximum file upload size, in kilobytes (KB), that the server will accept for the application.

executionTimeout

Governs the amount of time a server-side function can execute before timing out.

 

<httpRuntime
     maxRequestLength="10240"
     executionTimeout="36000"
/>

SessionState

This change sets the StateServer service to store session data instead of storing it in memory only, and to change the timeout setting.

Timeout

The number of minutes the application user’s browser session will stay open before automatically signing out the application user.

Before:

<sessionState
     mode="InProc"
     stateConnectionString="tcpip=127.0.0.1:42424"
     sqlConnectionString="data source=127.0.0.1;user id=sa;password="
     cookieless="false"
     timeout="20"
/>

After:

<sessionState
     mode="StateServer"
     stateConnectionString="tcpip=127.0.0.1:42424"
     sqlConnectionString="data source=127.0.0.1;user id=sa;password="
     cookieless="false"
     timeout="30"
/>

Cookiesless setting automatically logs out application users

If security is enabled for an Application that contains ASP.NET multi-level menus, the user will be logged out of the application if they click on the menu if the “cookieless” attribute is set to “true” in the application’s Web.config file.

For example:

<sessionState mode="InProc"

     stateConnectionString="tcpip=127.0.0.1:42424"

     sqlConnectionString="data source=127.0.0.1;user id=sa;password="

     cookieless="true"

     timeout="60"

/>

This is due to .NET and not Iron Speed Designer.

According to this source:

http://www.dynamisys.co.uk/ForumsBlogs/Forums/tabid/299/forumid/16/postid/573/scope/posts/Default.aspx

"Using cookieless Sessions has an unfortunate side effect: You must also stop using the ASP.NET 2.0 menu controls. If you continue to use the menu controls, you'll find that each time your users click on a menu to go to another page, they lose their Session data. ASP.NET security, which by default uses an encrypted cookie to store security information, also has a cookieless option that embeds the encrypted security information into the URL. If you turn that option on and continue to use the ASP.NET 2.0 menu controls, you'll find that your users get logged off every time they click on a menu control."

See Also

Web.config Configuration File