I'm dealing some issues after i authenticate in a asp.net application. My authentication is pretty standard, validate the user and redirect him to a new page.
After redirect to newpage.aspx -the session starts again.. i have no idea why.. I mention that is a load balance environment and i'm using internet explorer.
Could somebody help me to diagnose this problem.
Thanks in advance
Are your machine keys equal on both machines?
<system.web>
<machineKey
validationKey="[place validation key here]"
decryptionKey="[place decryption key here]"
validation="SHA1" />
<sessionState
mode="StateServer"
stateConnectionString="[connectionstring here]"
cookieless="[true or false]"
timeout="60" />
</system.web>
Related
I have checked various questions asked in SO in this topic also tried the solutions provided for the various questions, but it doesnt work for me.
My application is ASP .Net4.5, I store username, usertype in session and later it is used while inserting data to the SQL tables. I have set the session time out in webconfig as follows.
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".mycookie" timeout="60"></forms>
</authentication>
<sessionState mode="InProc" cookieless="false" timeout="60" />
In the IIS settings against Sessionstate the following were set
SessionState = In Process
Cookie settings -> Mode = Use Cookies
Name = ASP.Net_SessionId
Timeout (min) = 60
I'm not sure whether I'm setting this in wrong way in the above settings. The issue is my application session timeouts much before the set time, I feel it gets timeout in 10-15 minutes. Please advise how to set the timeout value correctly.
Probably, you are getting problem with form authentication timeout and session timeout. Please see here.
Try this in web config file.
<system.web>
<authentication mode="Forms">
<forms timeout="50"/>
</authentication>
<sessionState timeout="60" />
</system.web>
I tried setting session timeout, but it didnt worked for me. I decided to store those session variables used in cookies, and read from cookies. Now there is no session timeout issue. I clear the cookies while login to the application, also set the expiry to 1 day to avoid any issue. Thanks for helping me.
I'm using the following configuration on a cloud services instance in Azure for ASP.NET sessionstate in the Web.Config:
<sessionState mode="Custom" customProvider="DistributedCacheSessionStateStoreProvider">
<providers>
<add name="DistributedCacheSessionStateStoreProvider" type="Microsoft.Web.DistributedCache.DistributedCacheSessionStateStoreProvider, Microsoft.Web.DistributedCache" cacheName="default" useBlobMode="true" dataCacheClientName="default" />
</providers>
</sessionState>
And the datacacheclient's configuration:
<dataCacheClients>
<dataCacheClient name="default" isCompressionEnabled="false">
<autoDiscover isEnabled="true" identifier="InternetWebRole" />
<localCache isEnabled="true" sync="TimeoutBased" objectCount="100000" ttlValue="300" />
</dataCacheClient>
</dataCacheClients>
When I create a new deployment to Cloud Services, the process was succesfully executed. But when I login on the website, the session only lasts for 1 or 2 requests. Clicking to another page redirects me back to the login-page. The authentication of my profile is succesful, but the session is expired almost immediately. I'm using forms-authentication using the normal ASP.NET membership provider:
<authentication mode="Forms">
<forms loginUrl="/Login" timeout="120" />
</authentication>
Strange thing is that 3 or 4 hours later, the problem solves itself. I can login again and it keeps my session for two hours straight. I've kept the instance running now for the weekend and still everyting is working fine. But as soon as I delete the deployment and create a new one the problem starts all over again.
Is there anyone that recognize this issue with the same sessionstate provider?
I've solved the issue by adding a machine key to the web.config, which is the same for all cloud services instaces.
I use Form Based Authentication in my site
In my login page I have:
FormsAuthentication.SetAuthCookie(user.userName, true)
When I want to check if the user is authenticated I do:
HttpContext.Current.User.Identity.IsAuthenticated
I'm not using Asp.net Membership, instead i use my on SQL-DB verification
do i have to use Asp.net Membership ?
This is working for me most of the times
The problem is that sometimes after 5 hours or something after 30 hours
The Application pool gets restarted for some reason (I’m on a shared server)
And after that the “User.Identity.IsAuthenticated” returns with false, every time until the user logs in again.
This is strange to me because I can see that the client still have the persistent authCookie so why the user is not authenticated ?
My Web.Config reference:
<authentication mode="Forms">
<forms
name="AuthCookie"
loginUrl="~/mySite/ManageLogin.aspx"
timeout="5256000"/>
</authentication>
Any help will be appreciated.
My site www.mentallica.co.il
This may be due to the automatic generation of the machinekey at the application start. You can prevent that by specifying a machinekey for your app in your web.config:
<machineKey
validationKey="410E4E2B06BE457709F2D8C72BB02957A3B4E8BA327F3A6103696857AD3A88598D454489B9D4CAAFC2D5E35E8795B311EE2E94DAA485FD64D7184272A4AE4D8B"
decryptionKey="EFAFA0917D0D8F137F05B26AE053397C48D34DE688E73483D15C8EDAF0D6FD4F"
validation="SHA1"
decryption="AES" />
You shouldn't use this one - you may create your own easily at http://aspnetresources.com/tools/machineKey .
More information about machinekeys: http://msdn.microsoft.com/en-us/library/ff649308.aspx
I am trying to change the time it takes for my session to expire. My views are verifying session with <Authorize()>, which works great.
I am doing my session creation as follows:
FormsAuthentication.SetAuthCookie(model.UserName, True)
Return RedirectToAction("Welcome", "Home")
My password is verified with
FormsAuthentication.Authenticate(username, password)
My route web.config has inside system.web
<sessionState timeout="7200"></sessionState>
MY authorization node is as follows:
<authentication mode="Forms">
<forms loginUrl="~/Home/Login" timeout="7200" cookieless="UseCookies" name=".LoginCookie" slidingExpiration="true" >
<credentials passwordFormat="Clear">
<user name="user" password="pass" />
</credentials>
</forms>
</authentication>
Once logged in I can even verify the specific cookie 'LoginCookie' is set to expire in a few days, yet still, if I am inactive for 30 minutes, my user is getting sent to the login page.
Finally, this appears to work fine in Visual Studio, as it always has for sites I have done, but for some reason once in IIS it doesn't (production environment).
Any help on something I may have missed is really appreciated.
That's probably when your IIS apppool is set to recycle. Cache variables are then lost unless they are stored in SQL server or State Server.
Check the settings in the AppPool within IIS. You can extend the idle timeout if required.
Also read this article: http://support.microsoft.com/default.aspx?scid=kb;en-us;324772
I'm having trouble with a site that just went to production. For some reason, although the settings seem to be correct for a 15 minutes session timeout, users are reporting that in about 5 minutes they have to log in again.
What can I check? how can I troubleshoot this? I can't reproduce it locally, or in our QA environment. Are there IIS settings I could check? browser settings on the client?
below is my web.config entry for the authentication. Thanks!
<authentication mode="Forms">
<forms loginUrl="~/admin/Login" cookieless="UseCookies" requireSSL="false" timeout="15" slidingExpiration="true" name="{C8226EAB-2423-45ce-8A1D-3BC227F1BEE9}"/>
</authentication>
You'll need to add a machine key to your web.config file. It' getting autogenerated with each app pool recycle and causing your auth ticket cookie values to fail.
This is similar to the following question:
figuring out why asp.net authentication ticket is expiring
Well I think that you need also to set the settings of domain name. Do not set www.yourdomain.com, because this way if a user get on yourdomain.com is get diferent cookie.
Set it to root name with our the www: yourdomain.com
<authentication mode="Forms">
<forms
path="/"
domain="yourdoman.com" // <- maybe this key is the reason
/>
</authentication>
Make suer the session is set to at least 15 minutes as well in IIS Manager.