If you want to set the timeout to 20 minutes, use something like this:

如果要将超时设置为 20 分钟，请使用以下内容：

    <configuration>
      <system.web>
         <sessionState timeout="20"></sessionState>
      </system.web>
    </configuration>

The value you are setting in the timeoutattribute is the one of the correct ways to set the session timeout value.

您在timeout属性中设置的值是设置会话超时值的正确方法之一。

The timeoutattribute specifies the number of minutes a session can be idle before it is abandoned. The default value for this attribute is 20.

该timeout属性指定会话在放弃之前可以空闲的分钟数。此属性的默认值为 20。

By assigning a value of 1 to this attribute, you've set the session to be abandoned in 1 minute after its idle.

通过将值 1 分配给该属性，您已将会话设置为在其空闲后 1 分钟内放弃。

To test this, create a simple aspx page, and write this code in the Page_Load event,

为了测试这一点，创建一个简单的 aspx 页面，并在 Page_Load 事件中编写此代码，

Response.Write(Session.SessionID);

Open a browser and go to this page. A session id will be printed. Wait for a minute to pass, then hit refresh. The session id will change.

打开浏览器并转到此页面。将打印会话 ID。等待一分钟过去，然后点击刷新。会话 ID 会改变。

Now, if my guess is correct, you want to make your users log out as soon as the session times out. For doing this, you can rig up a login page which will verify the user credentials, and create a session variable like this -

现在，如果我的猜测是正确的，您想让您的用户在会话超时后立即注销。为此，您可以设置一个登录页面来验证用户凭据，并创建一个像这样的会话变量 -

Session["UserId"] = 1;

Now, you will have to perform a check on every page for this variable like this -

现在，您必须像这样在每个页面上对该变量执行检查 -

if(Session["UserId"] == null)
    Response.Redirect("login.aspx");

This is a bare-bones example of how this will work.

这是一个简单的例子，说明这将如何工作。

But, for making your production quality secure apps, use Roles & Membershipclasses provided by ASP.NET. They provide Forms-based authentication which is much more reliabletha the normal Session-based authentication you are trying to use.

但是，为了使您的生产质量安全的应用程序，请使用ASP.NET 提供的角色和成员资格类。它们提供基于表单的身份验证，这比您尝试使用的基于会话的普通身份验证要可靠得多。

Use this in web.config:

在web.config：

<sessionState 

  timeout="20" 
/>

If it's not working from web.config, you need to set it from IIS.

如果它不能从 工作web.config，您需要从 IIS 设置它。

If you are using MVC, you put this in the web.config file in the Root directory of the web application, not the web.config in the Views directory. It also needs to be IN the system.web node, not under like George2 stated in his question: "I wrote under system.web section in the web.config"

如果您使用 MVC，请将其放在 Web 应用程序根目录中的 web.config 文件中，而不是 Views 目录中的 web.config。它也需要在 system.web 节点中，而不是像 George2 在他的问题中所说的那样：“我在 web.config 的 system.web 部分下写的”

The timeout parameter value represents minutes.

timeout 参数值代表分钟。

There are other attributes that can be set in the sessionState element. You can find information here: docs.microsoft.com sessionState

可以在 sessionState 元素中设置其他属性。您可以在此处找到信息：docs.microsoft.com sessionState

<configuration>
   <system.web>
      <sessionState timeout="20"></sessionState>
   </system.web>
</configuration>

You can then catch the begining of a new session in the Global.asax file by adding the following method:

然后，您可以通过添加以下方法在 Global.asax 文件中捕捉新会话的开始：

void Session_Start(object sender, EventArgs e)
{
    if (Session.IsNewSession)
    {
        //do things that need to happen
        //when a new session starts.
    }
}