Improvement #2 - Increased session timeout
This is the second post in the series 10 improvements in 10 days. Yesterday we introduced a new feature named HTTP method on URLs. Today, we introduce an improvement which may not have required as much code, but on the other hand have been requested by a lot of you: Increased session timeout (to 60 minutes).
We are currently using a combination of ASP.NET Forms Authentication and the open source SimpleAuthentication library for authenticating against social providers. We may want to switch to ASP.NET Identity, but for now forms authentication is the framework of choice. Forms authentication defaults to a session timeout of 20 minutes, meaning that you will automatically be logged out, if you're inactive for 20 minutes. As of today, the timeout has been increased to 60 minutes.
Some of you asked us to remove session timeout completely. While we see some benefits of doing so, removing session timeout also introduces security issues. Your error logs are a delicate thing and you dont want people outside your organization getting access to your logs. To learn more about why ELMAH logs should be kept a secret, check out Troy Hunts awesome blog post: ASP.NET session hijacking with Google and ELMAH.
We monitor your websites
We monitor your websites for crashes and availability. This helps you get an overview of the quality of your applications and to spot trends in your releases.
We notify you
We notify you when errors starts happening using Slack, HipChat, mail or other forms of communication to help you react to errors before your users do.
We help you fix bugs
We help you fix bugs quickly by combining error diagnostic information with innovative quick fixes and answers from Stack Overflow and social media.