I have defined session in my asp.net web application:
<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="5">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
</providers>
</sessionState>
In the application, i am reading/saving data from/into session.
Session["userId"] = "UID123443";
string userId = Session["userId"].ToString()
My question is, that, if i read/write data to session, is the timeout reinitialized automatically?
If yes, is there any way of preventing this? For example, i need the session expire from 5 to 5 minutes, even if i am accessing data from it in the meantime.
I believe the timeout session is reset every time you do anything to the server. So causing a postback will reset the timer.
You could add a session variable called 'WhenToTimeout' which you set to 5 minutes from now. Only do it one time. Then when the current time is later than that - do what you need to do (log them out, ...)
Related
I am working on an asp.net mvc-4 web application hosted under IIS-8 and windows server 2008 R2.
now for the asp.net mvc i am using form authentication, which is integrated with our active directory.
here is the related entities inside our web.config :-
<membership>
<providers>
<add name="TestDomain1ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="TestDomain1ConnectionString" connectionUsername="*********" connectionPassword="******" attributeMapUsername="sAMAccountName" />
</providers>
</membership>
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="40320" />
</authentication>
now my question is about the timeout parameter inside the <forms>. now i understand this setting as follow:-
When the user first login to the web application , he will enter a username & password. if his credentials are valid, a browser cookie will be generated to him, and saved inside the browser cache. now since i have specified a timeout="40320". this means that the browser cookie will expire after 40320 minute ?? is this correct ? so if the user try to access the system after 40320+ minute from his first login, then IIS will see that the passed cookie is expired and will logout the user .. is this correct ?
https://msdn.microsoft.com/en-IN/library/1d3t3c61(v=vs.85).aspx
Optional attribute.
Specifies the time, in integer minutes, after which the cookie expires. If the SlidingExpiration attribute is true, the timeout attribute is a sliding value, expiring at the specified number of minutes after the time that the last request was received. To prevent compromised performance, and to avoid multiple browser warnings for users who have cookie warnings turned on, the cookie is updated when more than half of the specified time has elapsed. This might cause a loss of precision. The default is "30" (30 minutes).
Hello friends help me,
I have my asp.net web application running locally, I have session variable, If I test any number of times locallay it is working, But When I deploy on remote server it is not working means no session value, session is empty,
<sessionState mode="InProc" timeout="1440">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
</providers>
</sessionState>
Please can any one give me solutions?
Regards
Ram.
Not enough Rep to leave a comment, so I'll ask here. Is the remote server(s) load balanced? If so, your first request may be creating the session variable on Server 1, but the next request may go to Server 2, where the session variable does not exist.
You may want to consider a different Session State Mode
Now it is working, due to Server Ip address I got exception when Updating my database with session[username]. I thought my session is not working, actually my session is working, it is the web service API has restriction with ipaddress.Thats why I got the invalid session error.
my client papercut, and ogone payment gateway find these reason and informed me.Now it is working fine.
I thank you all the people spend time for me.
thanking you for your support
I want to use a SessionStateServer Redis in Azure Cache. My problem is I want to set a custom timeouts for our users but it always takes the default value.
How do I specify custom timeout values for our users ?
<sessionState mode="Custom" customProvider="MySessionStateStore" timeout="20">
<providers>
<add type="Microsoft.Web.Redis.RedisSessionStateProvider" name="MySessionStateStore" host="host" port="6380" accessKey="pass" ssl="true" throwOnError="true" retryTimeoutInMilliseconds="0" databaseId="0" applicationName="xxxDev" connectionTimeoutInMilliseconds="5000" operationTimeoutInMilliseconds="5000" />
</providers>
</sessionState>
This same bug was reported here: http://blogs.msdn.com/b/webdev/archive/2014/05/12/announcing-asp-net-session-state-provider-for-redis-preview-release.aspx#comments
It is fixed in https://www.nuget.org/packages/Microsoft.Web.RedisSessionStateProvider/1.1.0
I am using ASP.NET profile properties in .NET framework 2.0 application.
Hosting: On Amanzon server
Operating System: Windows Server 2012
Sql Server : 2012
IIS: 8.5
Profile Properties are anonymous users
What is happening with the end users (not able to replicate myself) that the end users are seeing the profile properties of another user
Example Say i have country USA set in my profile property
Next time i visit the webpage it may show some another Country which may be set by another user.
In IIS currently User Mode caching and Kerner Mode Caching enable.
Additionally:
I recently change the hosting means moved to another server so is that anything to do
with properties of anonymous users or do i need to clean all of the current profile users
data which i am scare of
Code:
<profile enabled="true" defaultProvider="AspNetSqlProfileProvider">
<properties>
<add name="ActionRemember" allowAnonymous="true" />
<add name="ActionName" allowAnonymous="true" />
/// huge list of properties .......
</properties>
<providers>
<remove name="AspNetSqlProfileProvider" />
<add name="AspNetSqlProfileProvider" connectionStringName="LocalSql2005Server" applicationName="/" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</profile>
Open to give you more details..
Update: I disabled Kernel Caching for the aspx page and the error still persists
Static variables retain their values across user sessions.
You will run in concurrency issues as more than one thread servicing a request can modify the value of the variable.
What happens if there are 2 users simultaneously logged in from two
computers, User 1 sets the value as 100, then User 2 sets the value as
200. after that user 1 invokes the Get Value button.
What will he see as the value?
The user will see 200 afterwards.
I added a link for additional information here
The application I setup uses an AspNetActiveDirectoryMembershipProvider to an LDAP server with Forms Authentication. The user authenticates properly, but the first time a user tries to log in a new browser window causes a delay of over one minute till it authenticates. If the user logs out of the application (but doesn't close the browser) and tries to log back in it only takes around 6-7 seconds to authenticate.
I figure the second authentication is using a cached connection or socket to make up the initial slow behavior. But how do I get around this problem for the first attempt? Can I somehow initiate a connection to the LDAP server during page load thus saving time during the login process?
Note: I've checked over the LDAP connection string and it's as direct as it's going to get.
<add name="ADService" connectionString="LDAP://doctor.at.ad.cynwulfdesign.com/CN=Users,DC=at,DC=ad,DC=cynwulfdesign,DC=com" />
...
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<clear/>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADService"
attributeMapUsername="sAMAccountName"/>
</providers>
</membership>
I happened across the reason why the LDAP was taking so long. At first, I thought it was a problem within the Active Directory database causing a slow response. But it appears that it needed the LDAP port number to speed things up. Once I added ":389" to the LDAP url it went from 1:07 down to :03 seconds to authenticate. It's amazing what adding a port number can do to increase response time. I would have figured it already knew what the default LDAP port was. Live and learn.
<add name="ADService" connectionString="LDAP://doctor.at.ad.cynwulfdesign.com:389/CN=Users,DC=at,DC=ad,DC=cynwulfdesign,DC=com" />