How to turn off session state for a certain directory? - asp.net

I have a custom session provider that stores data in a DB, so fetching session state is not a cheap operation. I have also runAllManagedModulesForAllRequests="true" in my web.config, so sessions are inicialized for every request to an image.
So, I am striving for turning off session state for directories with static resources. Unfortunately, setting <sessionState mode="Off" /> for a folder does not work as this is application-level option.
I could handle this in the code of my custom session provider, but I am wondering if there is some cleaner, more declarative solution.
Edit: <pages enableSessionState="false" /> does not seem to help as it is probably related to ASP.NET pages and controls only.

I don't think that is possible, think about it as session is provided for the whole application, and you just can say at this folder i have and at that i don't, all you can do is to custom code the costly operation of your provider to not run according to certain conditions, place that correctly in your page life cycle.

I ran into the same problem trying to do WebServices with cookieless sessions. I solved it with using a symbolic link. Here are the steps:
1) Make your subdirectory its own application in IIS
2) put this in the subdirectory web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<sessionState mode="Off" />
</system.web>
</configuration>
3) Create a symbolic link to redirect BIN to your own BIN. In my example the subdirectory was only 1 level below my main application. So I did this command from the subdirectory:
mklink /D bin ..\bin
That's it. It will load assemblies from your main BIN directory, and inherit all its other settings from your main application.

Related

ASP.NET 3.5 application with multiple web.config files (IIS 7)

We are working on a web application that creates more web applications.
Each web application will have to get a Url Rewrite rule (URL REWRITE MODULE 2.0).
As far as I know, there's no way to add such rules without modifying the web.config file (am I right??).
So my plan was to work with multiple web.config partial files. One main .config file, and lots of .config files per application (every file will contain it's web application url rewrite rules).
This way sounds a little bit messy, but I can't think of anything else, and suggestions will be welcomed.
So is it possible to use very-multiple web.config files for the root application?
Thanks in advance, Gal.
This following Tag will do the trick.
The absence of this tag was the main reason for my problem when i using with two web.config files for my two different application running in my website.
**<location path="." inheritInChildApplications="false">**
<system.web>
<!-- ... -->
</system.web>
**</location>**
Every application must have a full web.config and not partial, exept if you go with net 4
The trick is to use a lot the remove command on the other inside web.config and remove the parents setting that must not used on this.
For example if on the main root you have the a module that you do not won to use it on the other trees, you use the remove command on all other web.config to remove it. Especial the modules that are on one Bin and not on an other directory bin.
<httpModules>
<remove name="TheHttoModuleNotNeedHere" />
<remove name="AnonymousIdentification" />
... add here your other modules for that directory...
</httpModules>
The remove command is working for almost all sessions on config.
You can do make it work, I have done it, but its a lot of work to find all the conflicts/unnecessary configs and remove it.
For some other session there also the clear command. For example on role Manager you can clear all and add new.
<roleManager enabled="true" ...>
<providers>
<clear />
<add name="MyName" ... type="System.Web.Security.SqlRoleProvider" />
</providers>
Hope this help as tips to make it work.

Severe Session issues ASP.NET

I have a kind of an ugly situation.
I have a big program that uses session to carry over data from one page to another in a CRM system build in ASP.NET 3.5 C#
The problem is that if you have two instance of this program open in the same browser and browse the same page, the sessions of course gets overridden.
As you can imagine, this is a huge issue and a huge liability for the system.
What is the right thing to do here? I use tons of AJAX, and need to pass objects from page to page, so url parameters is not really an option here.
Any suggestions?
What is your web.config sessionState configured? I think in your situation you can reduce the severity of your problem by configuring it as follows:
<configuration>
<system.web>
<sessionState mode="InProc" cookieless="true" timeout="20"/>
OR
<sessionState cookieless="true" regenerateExpiredSessionId="true" timeout="20" />
</system.web>
</configuration>
But the latter is going to mangle your URLs. You'll end up with ASP.NET inserting session IDs into your URLs, something like http://www.example.com/(S(lit3py55t21z5v55vlm25s55))/orderform.aspx. More about it here.

Is web.config or app.config cached in memory

if it is cached, what happens if I use multiple web.config in multi-level folders
They all get cached.
Configuration is read once, at startup. With web.config, IIS watches for file changes and restarts the application.
OK, so ya'll are missing a KEY feature in the Web.Config file's area.
Yes, web.config is cached and changing contents of the file will restart your web app. And, all your connected users will not be happy, too, because they'll need to "reconnect" a-new, possibly losing desired information.
So, use an EXTERNAL custom file for your AppSettings, as follows:
<appSettings configSource="MyCustom_AppSettings.config"/>
Then, in the file MyCustom_AppSettings.config file, you have your settings, as such this example has:
<appSettings>
<!-- AppSecurity Settings -->
<add key="AppStatus_Active" value="Active"/>
<!-- Application Info Settings -->
<add key="AppID" value="25"/>
<add key="AppName" value="MyCoolApp"/>
<add key="AppVersion" value="20120307_162344"/>
</appSettings>
Now, if you need to add, change, or remove an AppSetting, when you change it in this file the change is nearly instant in your web-app BUT (and here's the BEST part), your app DOES NOT RESTART!
Everything stays kosher except those settings you've added/modified/removed in the external .config file.
And, yes, the same thing can done for the section as follows:
<connectionStrings configSource="MyCustomApp_ConnectionStrings.config"/>
and the file MyCustomApp_ConnectionStrings.config has all the connection strings you need. Change a connection string in the external .config file and it starts getting used right away and with no web-app restart.
The configSource setting(s) are great when you need to deploy to development, testing, and production on different boxes and need settings pertinent to that given box/environment.
So, now ya know (something that's been around for 7+ years).
It's That Simple. Really.
KC
Web.config (excluding external config files) is read when the application loads. Some config settings have a cascading behavior. For example, the system.web/authorization section can be overridden by configs at deeper levels.
ASP.NET monitors the web.config for changes. When it changes, the web application is forced to restart. Moral is that web.config settings are cached for the life of the application.

Enable all caches except asp net output cache

I have different urls that points to the same code
www.url1.com
www.url2.com
I need to use the cache, but if the asp net cache is enabled when someone access to www.url1.com next person accessing www.url2.com could get the previously cached data (www.url1.com)
I need to have ALL caches activated except this one.
You can disable ASP.Net output caching for the entire application by putting it in your web.config file.
<configuration>
<system.web>
<caching>
<outputCache enableOutputCache="false">
</outputCache>
</caching>
</system.web>
</configuration>
But unless you're actually putting anything in the cache in the first place, you don't have anything to worry about.

Is it possible to change web.config without ending all user sessions?

Is it possible to change the web.config file without giving all the users on the site a new session?
You can move the volatile portions of the web.config into external files and then set up IIS to not restart applications when those files change.
In the example below, application and connection-string settings have been moved to another file, outside of the web.config.
<?xml version="1.0"?>
<configuration>
<appSettings configSource="appSettings.config"/>
<connectionStrings configSource="connections.config"/>
</configuration>
Once that's done, you can make changes to app settings (or whatever else you put in the external file) without editing the web.config.
You can also visit the machine.config and play with the restartOnExternalChanges attribute, but this should be used with caution as it could have unintended consequences. Some sections, such as app-settings, already have this set to "false".
<section name="appSettings" restartOnExternalChanges="false">
More details are available in this OdeToCode article.
If you don't use InProc session state, then your sessions should persist across application restarts.
sessionState Element (Including notes on configuring SqlServer mode.

Resources