Hi All

I'm using a dedicated server for my classic asp site and the IIS part is all new to me!

I use sessions to moderate the security of the site, but because this site uses a lot of ajax stuff on pages and/or the users leave the site for quite a while, I'm having quite of a few timeout issues that the user is none the wiser on until they physically click to go to another page in the site. FYR, when they do a new page and the session is gone I bounce them back to the login page.

I was toying with an alternative method to using sessions (no idea what), but I really like the simplicity of it and don't want to change.

My problem is I don't know if I should increase the session timeout from the default (20 mins) to something higher (is this a bad thing?? if so, why?) and also I don't know if this new thing I've read about, ie application pool idle timeout, is actually overriding what I put in the session timeout anyway!!

Currently the app pool idle time is set to 5 mins - is this a good thing?

Apols for being a newbie, but I **think** if I can sort out these two values I'm sorted.