HTTP 440 Login Timeout (IIS) — What It Means & How to Fix It

Fix Microsoft IIS HTTP 440 Login Timeout error when the user's session has expired and they need to re-authenticate. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.

Here are the key things to understand: HTTP 440 is a non-standard status code used by Microsoft Internet Information Services (IIS). It indicates that the user's session has timed out and they must log in again to continue. This is specific to IIS and is not part of the official HTTP specification. Often seen in SharePoint, Outlook Web Access, and other Microsoft web applications. Understanding these fundamentals will help you diagnose and resolve this issue more effectively.

The most common reasons this occurs include: User session expired due to inactivity timeout configured in IIS or the application. Authentication token or cookie has expired on the server side. Load balancer routing to a different server that does not have the session data. Forms authentication timeout value set too low in web.config. Identifying the root cause is the first step toward finding the right solution.

To resolve this, follow these recommended steps: Increase the session timeout in IIS Manager under Session State settings. Check the forms authentication timeout in web.config: <forms timeout="60" />. Enable sticky sessions on the load balancer to ensure requests go to the same server. Implement session state storage in SQL Server or Redis for multi-server environments. If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.

This article is part of our HTTP Status Codes collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.