I want to use a SessionStateServer Redis in Azure Cache. My problem is I want to set a custom timeouts for our users but it always takes the default value.
How do I specify custom timeout values for our users ?
<sessionState mode="Custom" customProvider="MySessionStateStore" timeout="20">
<providers>
<add type="Microsoft.Web.Redis.RedisSessionStateProvider" name="MySessionStateStore" host="host" port="6380" accessKey="pass" ssl="true" throwOnError="true" retryTimeoutInMilliseconds="0" databaseId="0" applicationName="xxxDev" connectionTimeoutInMilliseconds="5000" operationTimeoutInMilliseconds="5000" />
</providers>
</sessionState>
This same bug was reported here: http://blogs.msdn.com/b/webdev/archive/2014/05/12/announcing-asp-net-session-state-provider-for-redis-preview-release.aspx#comments
It is fixed in https://www.nuget.org/packages/Microsoft.Web.RedisSessionStateProvider/1.1.0
Related
There are two applications under one domain.
example.com
example.com/module1
example.com/module2
If there is no module1 and module2 session, go to example.com. User must login to example.com. User can use that session in module1 and module2 after login.
How do I do this? Can I use session state for that?
<sessionState mode="InProc" timeout="1" cookieless="false" />
To share session states among multiple applications you need to specify the same sharedId in web.config(sessionState element) for both applications.
<sessionState mode="Custom" customProvider="AppFabricCacheSessionStoreProvider">
<providers>
<!-- specify the named cache for session data -->
<add name="AppFabricCacheSessionStoreProvider"
type="Microsoft.ApplicationServer.Caching.DataCacheSessionStoreProvider"
cacheName="NamedCache1"
sharedId="SharedApp"/>
</providers>
</sessionState>
More information you can refer to this link: Configuring an ASP.NET Session State Provider.
(Using inverted commas because I don't think this is strictly a single sign-on use case. Although it's the same concept.)
I have an existing ASP.NET Web Forms site (SiteA) using Membership...
Web.config:
<machineKey validationKey="etc"
decryptionKey="etc"
validation="SHA1"
decryption="AES" />
<authentication mode="Forms">
<forms name="goodcookie"
loginUrl="~/login"
timeout="2880"
defaultUrl="~/" />
</authentication>
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="etc"
applicationName="etc" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="etc"
applicationName="etc"
name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
Login button's codebehind:
if (Membership.ValidateUser(txtUsername.Value, txtPassword.Value))
{
FormsAuthentication.SetAuthCookie(txtUsername.Value, true);
Response.RedirectToRoute("home");
}
Master page's codebehind for each page load:
if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
Response.Clear();
Response.Redirect("/login", true);
}
There's a requirement to create a new site (SiteB) on a separate domain, however both SiteA and SiteB will use the same database.
Some users will only have access to SiteA, some only to SiteB, and some to both SiteA and SiteB. This will be determined by their role(s).
I've created SiteB with identical values in Web.config (same cookie name, same machine key, etc). Even the same application name just to test. Of course I'm able to log in to both sites with the same user credentials, but.. if I'm logged in to SiteA, and I load SiteB, it will behave like I'm not authenticated (ie. redirect me to the login page).
What could I be missing?
(Will edit if I think of any more relevant details)
Different domains cannot read coookies of each other and thus if you logged in to SiteA the authentication cookie isn't sent when you request SiteB. But different subdomains can share cookies so moving sites to single domain should be a solution. Also read this question and answers for more information.
I am working on an asp.net mvc-4 web application hosted under IIS-8 and windows server 2008 R2.
now for the asp.net mvc i am using form authentication, which is integrated with our active directory.
here is the related entities inside our web.config :-
<membership>
<providers>
<add name="TestDomain1ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="TestDomain1ConnectionString" connectionUsername="*********" connectionPassword="******" attributeMapUsername="sAMAccountName" />
</providers>
</membership>
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="40320" />
</authentication>
now my question is about the timeout parameter inside the <forms>. now i understand this setting as follow:-
When the user first login to the web application , he will enter a username & password. if his credentials are valid, a browser cookie will be generated to him, and saved inside the browser cache. now since i have specified a timeout="40320". this means that the browser cookie will expire after 40320 minute ?? is this correct ? so if the user try to access the system after 40320+ minute from his first login, then IIS will see that the passed cookie is expired and will logout the user .. is this correct ?
https://msdn.microsoft.com/en-IN/library/1d3t3c61(v=vs.85).aspx
Optional attribute.
Specifies the time, in integer minutes, after which the cookie expires. If the SlidingExpiration attribute is true, the timeout attribute is a sliding value, expiring at the specified number of minutes after the time that the last request was received. To prevent compromised performance, and to avoid multiple browser warnings for users who have cookie warnings turned on, the cookie is updated when more than half of the specified time has elapsed. This might cause a loss of precision. The default is "30" (30 minutes).
I'm using the following configuration on a cloud services instance in Azure for ASP.NET sessionstate in the Web.Config:
<sessionState mode="Custom" customProvider="DistributedCacheSessionStateStoreProvider">
<providers>
<add name="DistributedCacheSessionStateStoreProvider" type="Microsoft.Web.DistributedCache.DistributedCacheSessionStateStoreProvider, Microsoft.Web.DistributedCache" cacheName="default" useBlobMode="true" dataCacheClientName="default" />
</providers>
</sessionState>
And the datacacheclient's configuration:
<dataCacheClients>
<dataCacheClient name="default" isCompressionEnabled="false">
<autoDiscover isEnabled="true" identifier="InternetWebRole" />
<localCache isEnabled="true" sync="TimeoutBased" objectCount="100000" ttlValue="300" />
</dataCacheClient>
</dataCacheClients>
When I create a new deployment to Cloud Services, the process was succesfully executed. But when I login on the website, the session only lasts for 1 or 2 requests. Clicking to another page redirects me back to the login-page. The authentication of my profile is succesful, but the session is expired almost immediately. I'm using forms-authentication using the normal ASP.NET membership provider:
<authentication mode="Forms">
<forms loginUrl="/Login" timeout="120" />
</authentication>
Strange thing is that 3 or 4 hours later, the problem solves itself. I can login again and it keeps my session for two hours straight. I've kept the instance running now for the weekend and still everyting is working fine. But as soon as I delete the deployment and create a new one the problem starts all over again.
Is there anyone that recognize this issue with the same sessionstate provider?
I've solved the issue by adding a machine key to the web.config, which is the same for all cloud services instaces.
I have defined session in my asp.net web application:
<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="5">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
</providers>
</sessionState>
In the application, i am reading/saving data from/into session.
Session["userId"] = "UID123443";
string userId = Session["userId"].ToString()
My question is, that, if i read/write data to session, is the timeout reinitialized automatically?
If yes, is there any way of preventing this? For example, i need the session expire from 5 to 5 minutes, even if i am accessing data from it in the meantime.
I believe the timeout session is reset every time you do anything to the server. So causing a postback will reset the timer.
You could add a session variable called 'WhenToTimeout' which you set to 5 minutes from now. Only do it one time. Then when the current time is later than that - do what you need to do (log them out, ...)