I am trying to make the session timeout in my application configurable.
When I put the following code in my web.config file it works fine:
<sessionState cookieless="true" timeout="1" />
That is, I can see my session times out after 1 minute. However, this code has the side effect of putting the session id in the url which is not desirable.
On the other hand, if I use the following code in my web.config, the session does not timeout for at least 1 hour or longer:
<sessionState cookieless="false" timeout="1" />
To determine that the session is in fact timing out, I am using the following code in my _Layout.cshtml:
#if (Session[MvcApplication._Ssn_UserName] == null)
{
Response.Redirect("~/Login/Index");
}
When the timeout is working, I see the user redirected to my Login page anytime they navigate to a different page or just hit the refresh button in the browser.
I see the same behavior when running from Visual Studio (IIS Express) or when running on IIS.
I've done a lot of searching online, and haven't discovered any correlation between the cookieless setting and the timeout behavior. Any ideas would be appreciated.
Try to use the iis session state setting as suggested below:
1)open iis and select your site.
2)select the session state feature
3)set the mode and cookie setting as per your choice:
session timeout value should not be set higher than 20 minutes (except in special cases) because every open session is holding onto memory. It should also not be set lower than 4 minutes because clients rarely respond within that time resulting in a loss of session state.so try to set like 5 minutes or more.
make sure there is no other session time out setting which conflicts with this setting like global.asax file setting or code-behind time out setting.
try to set the iis application pool ideal time out setting the same as session Tim out setting.
go to the Application Pool of the website --> go to advanced settings --> Process Model --> and change Idle Time-out
I have set session time out to 9 hours in web.config file something like this:
“<sessionState mode="InProc" timeout="540" />
But often users complain that they are facing time out in less than 9 hours of inactivity and the time interval after they are timed out also varies.
I was wondering if session time out is dependent on any of the below settings in IIS:
Session time setting
Idle- time out setting for Application pool
Recycling setting.
Please advise.
Also, how do I check session time out setting in IIS 7.0?
The session will be lost when the ApplicationPool recycles. That's one of the IIS settings that you mentioned. To set only the timeout in the web.config will not be enough. You need to adjust the setting in IIS.
Here is a link I found while I was looking into the same problem.
Also, this question was very useful: Losing Session State
If you are using Forms authentication you should make sure your FormAuthentication Cookie is set to expire at the same time as your Session.
If not make sure your IIS is not getting recycled. ( put a logger in your Global.asax to verify the application end events compared to your users complaints.)
It is not enough to set session time out in your web config. If the server on which your site is hosted is having less time out value set in IIS setting, your session is time out according to the server session time out value.
also if you are deleting any folder from the server directory, this can also cause your AppPool to recycle unexpectedly.
so please check the server session time out value and if it less then ask your hosting to increase it as per your requirement.
Hey I have the following line in my web.config
<sessionState mode="InProc" timeout="45"/>
Which I thought would keep sessions intact for 45 mins
But I have seen the case where if a user is inactive for lets say 15 mins the sessions times out.
How can I stop this ?
Edit : Just noticed I have the following line in the master page
meta http-equiv="Refresh" content="1800;URL=http://www.virtualacademy.ie/login.aspx">
Maybe this is causing the issue, what is the above line doing i.e the number 1800
Be sure to check your IIS configuration because the application pool that your site is hosted on also has its own timeout value which will override your own .config.
To increase it,
Open IIS
Select Application Pools on the left side
Select the Application Pool used by your site
Choose advanced settings
Under Process Model categtory increase the 'Idle Time-out' value to the desired length.
Hope this helps.
(If you do not have a dedicated server / access to IIS with your hosting provider you will have to contact them to see if they can increase it for you)
If the user closes their browser or clears cookies, or if the AppDomain on the server is recycled, the session state will be lost.
Have you checked logs to see if the app is recycling?
AppDomain recycles are a very common problem for this if the sessionState is InProc. It is very much advised to use a StateServer or SQLServer for production systems instead. See Session-State Modes for documentation on how to use each, and the pros and cons of the three different types.
Personally, we use SQL Server if we must for web server farms--slower but can be shared. We use State Server if the site will only be hosted on a single web server--state survives AppDomain restarts, but not entire server restarts.
Also, in the past we have used an AJAX post in the background while the user is watching long running videos or performing long client-side tasks, so that the session timeout gets reset every few minutes. Nothing special about this code--just have a little JavaScript hit every few minutes some ASPX page that returns nothing.
Are you using Forms Authentication? It has its own timeout setting that when expires will redirect the user to your login page even if their session is still valid.
I have an ASP.net website where I am facing a session timeout issue. In web.config I have set session timeout to 480 (8 hours as session time). But even then session does not stay that long; it goes out after a number of minutes. Why is that and how I can fix it? My site is hosted on a shared hosting server.
By default Session time in asp.net is 20 min, and we can change it by setting Web.config file.
Now in your case you are setting it to 8 hours but went out in 1 min.
Do you know that there are few point by which session can be time out?
*) When it is wrongly configured in Web.Config file.
*) We can set this time out in server (IIS) also, so if its default setting is changed.
*) When the total memory of session is higher that the assign in shared host.
*) When there are some internal error at run time in any page, then session will be lost.
*) When some one or any process is changingadding any aspx file or web.config file at runtime.
So check all these point. I am sure it will resolve your problem...
Also, have you checked the app pool recycling options?
Your hosting provider have probably set some low value in "Recycle worker processes" in IIS for your application pool. Not sure if they can change that for you but you could try to ask them.
There are many reason which cause your session timeout before the actual value configure in web.config file.
one such reason is that if you hosted your applcation and forgot to reset the app pool after deployemnt.
or
once you deploy the application for first time then its corresponding app pool may get reset dusring the first run of application.
or if your app pool may get crash in between the process..
You can diagnose this problem first check your app pool (in advanced settings- if you hosted your application in IIS) now by going to the Event Viewr and check the logs in Custom Views go to server role then find the log by clicking find button at right side pane and paste your app pool name in search box.
check for the error or warning message related to app pool.
i hope this ma help you
I have an ASP.net application where Users aren't able to successfully complete certain actions, for reasons, I'm assuming, can only be related to losing their session (which is where I maintain their current user information, and how determine whether they are logged in)
I'm at a loss as to why they would lose their session, so my first question is:
What (in general) would cause a user to lose their session in ASP.net?
and since I don't know when a user loses their session and can't reproduce it myself:
How can I track when I user loses their session
Below is my sessionState config for reference
<sessionState
mode="InProc"
cookieless="false"
cookieName="My.Site.Com"
timeout="480"/>
A number of things can cause session state to mysteriously disappear.
Your sessionState timeout has expired
You update your web.config or other file type that causes your AppDomain to recycle
Your AppPool in IIS recycles
You update your site with a lot of files, and ASP.NET proactively destroys your AppDomain to recompile and preserve memory.
-
If you are using IIS 7 or 7.5, here are a few things to look for:
By default, IIS sets AppPools to turn themselves off after a period of inactivity.
By default, IIS sets AppPools to recycle every 1740 minutes (obviously depending on your root configuration, but that's the default)
In IIS, check out the "Advanced Settings" of your AppPool. In there is a property called "Idle Time-out". Set that to zero or to a higher number than the default (20).
In IIS, check the "Recycling" settings of your AppPool. Here you can enable or disable your AppPool from recycling. The 2nd page of the wizard is a way to log to the Event Log each type of AppPool shut down.
If you are using IIS 6, the same settings apply (for the most part but with different ways of getting to them), however getting them to log the recycles is more of a pain. Here is a link to a way to get IIS 6 to log AppPool recycle events:
http://web.archive.org/web/20100803114054/http://surrealization.com/sample-code/getnotifiedwhenapppoolrecycles/
-
If you are updating files on your web app, you should expect all session to be lost. That's just the nature of the beast. However, you might not expect it to happen multiple times. If you update 15 or more files (aspx, dll, etc), there is a likelyhood that you will have multiple restarts over a period of time as these pages are recompiled by users accessing the site. See these two links:
http://support.microsoft.com/kb/319947
http://msdn.microsoft.com/en-us/library/system.web.configuration.compilationsection.numrecompilesbeforeapprestart.aspx
Setting the numCompilesBeforeAppRestart to a higher number (or manually bouncing your AppPool) will eliminate this issue.
-
You can always handle Application_SessionStart and Application_SessionEnd to be notified when a session is created or ended. The HttpSessionState class also has an IsNewSession property you can check on any page request to determine if a new session is created for the active user.
-
Finally, if it's possible in your circumstance, I have used the SQL Server session mode with good success. It's not recommended if you are storing a large amount of data in it (every request loads and saves the full amount of data from SQL Server) and it can be a pain if you are putting custom objects in it (as they have to be serializable), but it has helped me in a shared hosting scenario where I couldn't configure my AppPool to not recycle couple hours. In my case, I stored limited information and it had no adverse performance effect. Add to this the fact that an existing user will reuse their SessionID by default and my users never noticed the fact that their in-memory Session was dropped by an AppPool recycle because all their state was stored in SQL Server.
I was having a situation in ASP.NET 4.0 where my session would be reset on every page request (and my SESSION_START code would run on each page request). This didn't happen to every user for every session, but it usually happened, and when it did, it would happen on each page request.
My web.config sessionState tag had the same setting as the one mentioned above.
cookieless="false"
When I changed it to the following...
cookieless="UseCookies"
... the problem seemed to go away. Apparently true|false were old choices from ASP.NET 1. Starting in ASP.Net 2.0, the enumerated choices started being available. I guess these options were deprecated. The "false" value has never presented a problem in the past - I've only noticed in on ASP.NET 4.0. I don't know if something has changed in 4.0 that no longer supports it correctly.
Also, I just found this out not long ago. Since the problem was intermittent before, I suppose I could still encounter it, but so far it's working with this new setting.
In my case setting AppPool->AdvancedSettings->Maximum Worker Proccesses to 1 helped.
Your session is lost becoz....
JUST MAKE SURE THERE ARE NO RUNTIME ERRORS, ANY FATAL EXCEPTION WOULD
KILL THE SESSION!
In Microsoft stack, Visual Studio - put Ctrl + Alt + E - All Exceptions ON, then run the code in Debugging mode. Any Fatal ones are THE reason for session loss..
You could add some logging to the Global.asax in Session_Start and Application_Start to track what's going on with the user's Session and the Application as a whole.
Also, watch out of you're running in Web Farm mode (multiple IIS threads defined in the application pool) or load balancing because the user can end up hitting a different server that does not have the same memory. If this is the case, you can switch the Session mode to SQL Server.
I was only losing the session which was not a string or integer but a datarow.
Putting the data in a serializable object and saving that into the session worked for me.
Had a problem on IIS 8 when retrieving Content via Ajax. The issue was that MaximumWorkerProcesses was set to 2 and Javascript opened 17 concurrent requests. That was more than the AppPool could handle and a new pool (without auth-data) was opened.
Solution was to Change MaximumWorkerProcesses to 0 in IIS -> Server -> Application Pools -> [myPool] -> Advanced Settings -> Process Model -> MaximumWorkerProcesses.
Dont know is it related to your problem or not BUT Windows 2008 Server R2 or SP2 has changed its IIS settings, which leads to issue in session persistence. By default, it manages separate session variable for HTTP and HTTPS. When variables are set in HTTPS, these will be available only on HTTPS pages whenever switched.
To solve the issue, there is IIS setting. In IIS Manager, open up the ASP properties, expand Session Properties, and change
New ID On Secure Connection to False.
I had same problem by losing sessions. every time , every page reload, my sessions clear and by new reload any page, my sessions returned by valid value...
i fixed it by change MaximumWorkerProcesses from 0 to 1 in iis
I was struggling with this issue for 14 days.
Here's what helped me:
Check your recycling options in App Pool > Advanced settings. Turn off all of the options so it won't recycle on its own.
Check your web.config file for the executionTimeout property under httpRuntime and increase its value.
Check your web.config file for the timeout property under sessionState and increase its value (I set it to 300 minutes).
Go to the server's event log and check the Application log for unhandled exceptions that may cause the worker process to crash. Fix them in your code or use try and catch to eliminate this crash.
Try changing the value of your maximum worker process from 0 to 1 or the other way around, this may also solve this issue.
In my case, session state was loosing due to Load Balancer. Session was storing in one server and Load balancer was redirecting next call to another server where session state was missing.