I'm using the following configuration on a cloud services instance in Azure for ASP.NET sessionstate in the Web.Config:
<sessionState mode="Custom" customProvider="DistributedCacheSessionStateStoreProvider">
<providers>
<add name="DistributedCacheSessionStateStoreProvider" type="Microsoft.Web.DistributedCache.DistributedCacheSessionStateStoreProvider, Microsoft.Web.DistributedCache" cacheName="default" useBlobMode="true" dataCacheClientName="default" />
</providers>
</sessionState>
And the datacacheclient's configuration:
<dataCacheClients>
<dataCacheClient name="default" isCompressionEnabled="false">
<autoDiscover isEnabled="true" identifier="InternetWebRole" />
<localCache isEnabled="true" sync="TimeoutBased" objectCount="100000" ttlValue="300" />
</dataCacheClient>
</dataCacheClients>
When I create a new deployment to Cloud Services, the process was succesfully executed. But when I login on the website, the session only lasts for 1 or 2 requests. Clicking to another page redirects me back to the login-page. The authentication of my profile is succesful, but the session is expired almost immediately. I'm using forms-authentication using the normal ASP.NET membership provider:
<authentication mode="Forms">
<forms loginUrl="/Login" timeout="120" />
</authentication>
Strange thing is that 3 or 4 hours later, the problem solves itself. I can login again and it keeps my session for two hours straight. I've kept the instance running now for the weekend and still everyting is working fine. But as soon as I delete the deployment and create a new one the problem starts all over again.
Is there anyone that recognize this issue with the same sessionstate provider?
I've solved the issue by adding a machine key to the web.config, which is the same for all cloud services instaces.
Related
I am working on an asp.net mvc-4 web application hosted under IIS-8 and windows server 2008 R2.
now for the asp.net mvc i am using form authentication, which is integrated with our active directory.
here is the related entities inside our web.config :-
<membership>
<providers>
<add name="TestDomain1ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="TestDomain1ConnectionString" connectionUsername="*********" connectionPassword="******" attributeMapUsername="sAMAccountName" />
</providers>
</membership>
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="40320" />
</authentication>
now my question is about the timeout parameter inside the <forms>. now i understand this setting as follow:-
When the user first login to the web application , he will enter a username & password. if his credentials are valid, a browser cookie will be generated to him, and saved inside the browser cache. now since i have specified a timeout="40320". this means that the browser cookie will expire after 40320 minute ?? is this correct ? so if the user try to access the system after 40320+ minute from his first login, then IIS will see that the passed cookie is expired and will logout the user .. is this correct ?
https://msdn.microsoft.com/en-IN/library/1d3t3c61(v=vs.85).aspx
Optional attribute.
Specifies the time, in integer minutes, after which the cookie expires. If the SlidingExpiration attribute is true, the timeout attribute is a sliding value, expiring at the specified number of minutes after the time that the last request was received. To prevent compromised performance, and to avoid multiple browser warnings for users who have cookie warnings turned on, the cookie is updated when more than half of the specified time has elapsed. This might cause a loss of precision. The default is "30" (30 minutes).
I'm dealing some issues after i authenticate in a asp.net application. My authentication is pretty standard, validate the user and redirect him to a new page.
After redirect to newpage.aspx -the session starts again.. i have no idea why.. I mention that is a load balance environment and i'm using internet explorer.
Could somebody help me to diagnose this problem.
Thanks in advance
Are your machine keys equal on both machines?
<system.web>
<machineKey
validationKey="[place validation key here]"
decryptionKey="[place decryption key here]"
validation="SHA1" />
<sessionState
mode="StateServer"
stateConnectionString="[connectionstring here]"
cookieless="[true or false]"
timeout="60" />
</system.web>
I am calling a page using ajax/jquery after every 5 mins but still my session gets killed and application redirects to login page.
Is it because of forms authentication? I have the following code in my web.config.
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
I have not specified session timeout in web.config, which means by default it will use 20 mins. But as I am calling a page after every 5 mins it should maintain session right?
Check what is the application pool time out (in IIS - web site properties) and increase it if needed. Most shared Hosting providers decreased this valus to save server resources.
Regards
I am trying to change the time it takes for my session to expire. My views are verifying session with <Authorize()>, which works great.
I am doing my session creation as follows:
FormsAuthentication.SetAuthCookie(model.UserName, True)
Return RedirectToAction("Welcome", "Home")
My password is verified with
FormsAuthentication.Authenticate(username, password)
My route web.config has inside system.web
<sessionState timeout="7200"></sessionState>
MY authorization node is as follows:
<authentication mode="Forms">
<forms loginUrl="~/Home/Login" timeout="7200" cookieless="UseCookies" name=".LoginCookie" slidingExpiration="true" >
<credentials passwordFormat="Clear">
<user name="user" password="pass" />
</credentials>
</forms>
</authentication>
Once logged in I can even verify the specific cookie 'LoginCookie' is set to expire in a few days, yet still, if I am inactive for 30 minutes, my user is getting sent to the login page.
Finally, this appears to work fine in Visual Studio, as it always has for sites I have done, but for some reason once in IIS it doesn't (production environment).
Any help on something I may have missed is really appreciated.
That's probably when your IIS apppool is set to recycle. Cache variables are then lost unless they are stored in SQL server or State Server.
Check the settings in the AppPool within IIS. You can extend the idle timeout if required.
Also read this article: http://support.microsoft.com/default.aspx?scid=kb;en-us;324772
I'm having trouble with a site that just went to production. For some reason, although the settings seem to be correct for a 15 minutes session timeout, users are reporting that in about 5 minutes they have to log in again.
What can I check? how can I troubleshoot this? I can't reproduce it locally, or in our QA environment. Are there IIS settings I could check? browser settings on the client?
below is my web.config entry for the authentication. Thanks!
<authentication mode="Forms">
<forms loginUrl="~/admin/Login" cookieless="UseCookies" requireSSL="false" timeout="15" slidingExpiration="true" name="{C8226EAB-2423-45ce-8A1D-3BC227F1BEE9}"/>
</authentication>
You'll need to add a machine key to your web.config file. It' getting autogenerated with each app pool recycle and causing your auth ticket cookie values to fail.
This is similar to the following question:
figuring out why asp.net authentication ticket is expiring
Well I think that you need also to set the settings of domain name. Do not set www.yourdomain.com, because this way if a user get on yourdomain.com is get diferent cookie.
Set it to root name with our the www: yourdomain.com
<authentication mode="Forms">
<forms
path="/"
domain="yourdoman.com" // <- maybe this key is the reason
/>
</authentication>
Make suer the session is set to at least 15 minutes as well in IIS Manager.