A basic question I can't seem to find the answer for:

Web servers and/or applications can specify "Session Timeout" value(s). Is this timeout:

- the maximum length of time a session can remain idle before being automatically closed (what is sometimes called an "idle timeout")

OR

- the maximum length of time the session is allowed to exist, REGARDLESS of user activity in the session?

It seems that default session timeout is 20 minutes in IIS/ASP.NET. In my app some forms have large text fields in which users will put relatively large chunks of text. I'm concerned that if they dawdle in a field while composing a "magnum opus", their session will time out and they'll lose it all. They might get choked about that :\

So, although I've raised the session timeout to 60 minutes I'm telling the users not to go more than 30 without saving or they might lose it :) Nonetheless, they could easily sit there for hours at a time, saving regularly. That's why I need to know if the timeout value is an "idle timeout" or a total session time limit.

I suppose a related question would be - is there any way to warn a user their session is about to expire?