asp.net session expires before the time limit - asp.net

I Have asp.net application in which i am using open id of google for authentication and i used to display the email address returned from google on a label control like this in vb.net
lblemail.Text = Session("U_EMAIL").ToString()
Problem is that after some time this error displays and i have to re login and then page works normaly error is Obeject Reference is not Set To an Instance of Object on this line
lblemail.Text = Session("U_EMAIL").ToString()
I tried to increase the limit of session in web.config like
<system.web>
<sessionState mode="InProc" cookieless="false" regenerateExpiredSessionId ="true" timeout="129600" />
But Still No Difference because when page loads and after some time the above error displayed please help me to remove this error

There maybe is other things that happens to your website. Is it in dev? You maybe restart the webserver. The Application pool get's restarted if you change many files in your websites folder, or if you touch anything in the bin directory.

Related

ASP.NET ReportViewer error "ASP.NET session has expired or could not be found"

My organization has an ASP.NET application which is a wrapper for our SSRS reports. This app essentially just gives users a series of dropdown menus to navigate to their reports rather than making users navigate to reports via the default SSRS report manager pages.
In this application we have had users experiencing errors, specifically an error: "ASP.NET session has expired or could not be found". This was happening to users after attempting to change a report parameter and re-running the report, after only a few minutes of viewing reports.
I have attempted to use KeepSessionAlive="true"` within my ReportViewer control in combination with extending the Session Timeout value in our web.config. Neither of those things did the trick to resolve this error.
As per the msdn article on Session-State modes available at: https://msdn.microsoft.com/en-us/library/ms178586.aspx
We ended up switching this from the default InProc mode to StateServer mode and haven't been able to reproduce the error since. Using StateServer mode had an extra hoop to jump through though, in that we had to enable the ASP.NET State Service on our server, set it to Automatic Startup type and then update our web.config sessionState value from:
<sessionState timeout="120"/>
to:
<sessionState mode="StateServer" stateConnectionString="tcpip=localhost:42424" timeout="120"/>

Session getting expired in asp.net

I am having an asp.net website. I have set Session Timeout in webconfig to 60min but still if I keep browser ideal for even 10-15 min my session gets expire and website gets Logout. Why is this happening can anyone please suggest
webconfig
<system.web>
<sessionState timeout="60" />
</system.web>
There are many ways to achieve this
Control Panel -> Administrative Tools -> IIS Manager -> Select desired web site -> in ASP.NET section on right side open Session State -> and finally, in text box named "Time-out (in minutes)"
another way
`

Asp.net Validation of viewstate MAC failed

I am receiving the following error at certain times on asp.net website.
Sys.WebForms.PageRequestManagerServerErrorException:
Validation of viewstate MAC failed.
If this application is hosted by a Web Farm or cluster,
ensure that <machineKey> configuration specifies the
same validationKey and validation algorithm.
AutoGenerate cannot be used in a cluster.
When page refresh goes,no problem.How can I solve this problem?
Microsoft says to never use a key generator web site.
Like everyone else here, I added this to my web.config.
<System.Web>
<machineKey decryptionKey="ABC123...SUPERLONGKEY...5432JFEI242"
validationKey="XYZ234...SUPERLONGVALIDATIONKEY...FDA"
validation="SHA1" />
</system.web>
However, I used IIS as my machineKey generator like so:
Open IIS and select a website to get this screen:
Double click the Machine Key icon to get this screen:
Click the "Generate Keys" link on the right which I outlined in the pic above.
Notes:
If you select the "Generate a unique key for each application"
checkbox, ",IsolateApps" will be added to the end of your keys. I had
to remove these to get the app to work. Obviously, they're not part
of the key.
SHA1 was the default encryption method selected by IIS and if you change it, don't forget to change the validation property on machineKey in the web.config. However, encryption methods and algorithms evolve so please feel free to edit
this post with the updated preferred Encryption method or mention it
in the notes and I'll update.
If you're using a web farm and running the same application on multiple computers, you need to define the machine key explicitly in the machine.config file:
<machineKey validationKey="JFDSGOIEURTJKTREKOIRUWTKLRJTKUROIUFLKSIOSUGOIFDS..." decryptionKey="KAJDFOIAUOILKER534095U43098435H43OI5098479854" validation="SHA1" />
Put it under the <system.web> tag.
The AutoGenerate for the machine code can not be used. To generate your own machineKey see this powershell script:
https://support.microsoft.com/en-us/kb/2915218#bookmark-appendixa
I had this problem, and for me the answer was different than the other answers to this question.
I have an application with a lot of customers. I catch all error in the application_error in global.asax and I send myself an email with the error detail. After I published a new version of my apps, I began receiving a lot of Validation of viewstate MAC failed error message.
After a day of searching I realized that I have a timer in my apps, that refresh an update panel every minute. So when I published a new version of my apps, and some customer have left her computer open on my website. I receive an error message every time that the timer refresh because the actual viewstate does not match with the new one. I received this message until all customers closed the website or refresh their browser to get the new version.
I'm sorry for my English, and I know that my case is very specific, but if it can help someone to save a day, I think that it is a good thing.
This solution worked for me in ASP.NET 4.5 using a Web Forms site.
Use the following site to generate a Machine Key (for example only use secure method in production): http://www.blackbeltcoder.com/Resources/MachineKey.aspx
Copy Full Machine Key Code.
Go To your Web.Config File.
Paste the Machine Key in the following code section:
<configuration>
<system.web>
<machineKey ... />
</system.web>
</configuration>
You should not see the viewstate Mac failed error anymore. Each website in the same app pool should have a separate machine key otherwise this error will continue.
Dear All with all respict to answers up there
there are case gives this error
when web.config value is
<httpCookies httpOnlyCookies="true" requireSSL="true"/>
and link is http not https
On multi-server environment, this error likely occurs when session expires and another instance of an application is resorted with same session id and machine key but on a different server. At first, each server produce its own machine key which later is associated with a single instance of an application. When session expires and current server is busy, the application is redirected like, via load balancer to a more operational server. In my case I run same app from multiple servers, the error message:
Validation of viewstate MAC failed. If this application is hosted by a
Web Farm or cluster, ensure that configuration specifies
the same validationKey and validation algorithm
Defining the machine code under in web.config have solve the problem.
But instead of using 3rd party sites for code generation which might be corrupted, please run this from your command shell:
Based on microsoft solution 1a, https://support.microsoft.com/en-us/kb/2915218#AppendixA
# Generates a <machineKey> element that can be copied + pasted into a Web.config file.
function Generate-MachineKey {
[CmdletBinding()]
param (
[ValidateSet("AES", "DES", "3DES")]
[string]$decryptionAlgorithm = 'AES',
[ValidateSet("MD5", "SHA1", "HMACSHA256", "HMACSHA384", "HMACSHA512")]
[string]$validationAlgorithm = 'HMACSHA256'
)
process {
function BinaryToHex {
[CmdLetBinding()]
param($bytes)
process {
$builder = new-object System.Text.StringBuilder
foreach ($b in $bytes) {
$builder = $builder.AppendFormat([System.Globalization.CultureInfo]::InvariantCulture, "{0:X2}", $b)
}
$builder
}
}
switch ($decryptionAlgorithm) {
"AES" { $decryptionObject = new-object System.Security.Cryptography.AesCryptoServiceProvider }
"DES" { $decryptionObject = new-object System.Security.Cryptography.DESCryptoServiceProvider }
"3DES" { $decryptionObject = new-object System.Security.Cryptography.TripleDESCryptoServiceProvider }
}
$decryptionObject.GenerateKey()
$decryptionKey = BinaryToHex($decryptionObject.Key)
$decryptionObject.Dispose()
switch ($validationAlgorithm) {
"MD5" { $validationObject = new-object System.Security.Cryptography.HMACMD5 }
"SHA1" { $validationObject = new-object System.Security.Cryptography.HMACSHA1 }
"HMACSHA256" { $validationObject = new-object System.Security.Cryptography.HMACSHA256 }
"HMACSHA385" { $validationObject = new-object System.Security.Cryptography.HMACSHA384 }
"HMACSHA512" { $validationObject = new-object System.Security.Cryptography.HMACSHA512 }
}
$validationKey = BinaryToHex($validationObject.Key)
$validationObject.Dispose()
[string]::Format([System.Globalization.CultureInfo]::InvariantCulture,
"<machineKey decryption=`"{0}`" decryptionKey=`"{1}`" validation=`"{2}`" validationKey=`"{3}`" />",
$decryptionAlgorithm.ToUpperInvariant(), $decryptionKey,
$validationAlgorithm.ToUpperInvariant(), $validationKey)
}
}
Then:
For ASP.NET 4.0
Generate-MachineKey
Your key will look like: <machineKey decryption="AES" decryptionKey="..." validation="HMACSHA256" validationKey="..." />
For ASP.NET 2.0 and 3.5
Generate-MachineKey -validation sha1
Your key will look like: <machineKey decryption="AES" decryptionKey="..." validation="SHA1" validationKey="..." />
WHAT DID WORK FOR ME
Search the web for "MachineKey generator"
Go to one of the sites found and generate the Machine Key, that will look like... (the numbers are bigger)
...MachineKey
validationKey="0EF6C03C11FC...63EAE6A00F0B6B35DD4B" decryptionKey="2F5E2FD80991C629...3ACA674CD3B5F068"
validation="SHA1" decryption="AES" />
Copy and paste into the <system.web> section in the web.config file.
If you want to follow the path I did...
https://support.microsoft.com/en-us/kb/2915218#AppendixA
Resolving view state message authentication code (MAC) errors
Resolution 3b: Use an explicit <machineKey>
By adding an explicit <machineKey> element to the application's Web.config file, the developer tells ASP.NET not to use the auto-generated cryptographic key. See Appendix A for instructions on how to generate a <machineKey> element.
http://blogs.msdn.com/b/amb/archive/2012/07/31/easiest-way-to-generate-machinekey.aspx
Easiest way to generate MachineKey - Ahmet Mithat Bostanci - 31 Jul 2012
You can search in Bing for "MachineKey generator" and use an online service. Honestly...
http://www.blackbeltcoder.com/Resources/MachineKey.aspx
my problem was this piece of javascript code
$('input').each(function(ele, indx){
this.value = this.value.toUpperCase();
});
Turns it was messing with viewstate hidden field so I changed it to below code and it worked
$('input:visible').each(function(ele, indx){
this.value = this.value.toUpperCase();
});
This error message is normally displayed after you have published your website to the server.
The main problem lies in the Application Pool you use for your website.
Configure your website to use the proper .NET Framework version (i.e. v4.0) under the General section of the Application Pool related to your website.
Under the Process Model, set the Identity value to Network Service.
Close the dialog box and right-click your website and select Advanced Settings... from the Manage Website option of the content menu. In the dialog box, under General section, make sure you have selected the proper name of the Application Pool to be used.
Your website should now run without any problem.
Hope this helps you overcome this error.
Validation of viewstate MAC failed. If this application is hosted by a web farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Answer :
<machineKey decryptionKey="2CC8E5C3B1812451A707FBAAAEAC9052E05AE1B858993660" validation="HMACSHA256" decryption="AES" validationKey="CB8860CE588A62A2CF9B0B2F48D2C8C31A6A40F0517268CEBCA431A3177B08FC53D818B82DEDCF015A71A0C4B817EA8FDCA2B3BDD091D89F2EDDFB3C06C0CB32" />
I had this same issue and it was due to a Gridview (generated from a vb code) on the page which had sorting enabled. Disabling Sort fixed my issue. I do not have this problem with the gridviews created using a SQLdatasource.
I am not sure how this happened but I started to get this error in my internal submit form pages. So when ever I submit something I'm getting this error. But the problem is this website is almost working 5-6 years. I don't remember I made an important change.
None of the solutions worked for me.
I have setup a machine key with the Microsoft script and copied into my web.config
I have executed asp.net regiis script.
aspnet_regiis -ga "IIS APPPOOL\My App Pool"
Also tried to add this code into the page:
enableViewStateMac="false"
still no luck.
Any other idea to solve this issue?
UPDATE:
Finally I solved the issue.
I had integrated my angular 4 component into my asp.net website.
So I had added base href into my master page. So I removed that code and it is working fine now.
<base href="/" />
There are another scenario which was happening for my customers. This was happening normally in certain time because of shift changes and users needed to login with different user.
Here is a scenario which Anti forgery system protects system by generation this error:
1- Once close/open your browser.
2- Go to your website and login with "User A"
3- Open new Tab in browser and enter the same address site. (You can see your site Home page without any authentication)
4- Logout from your site and Login with another User(User B) in second tab.
5- Now go back to the first Tab which you logged in by "User A". You can still see the page but any action in this tab will make the error.
Because your cookie is already updated by "User B" and you are trying to send a request by an invalid user. (User A)
<system.web>
<pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />
</system.web>
I have faced the similar issue on my website hosted on IIS. This issue generally because of IIS Application pool settings. As application pool recycle after some time that caused the issue for me.
Following steps help me to fix the issue:
Open App pool of you website on IIS.
Go to Advance settings on right hand pane.
Scroll down to Process Model
Change Idle Time-out minutes to 20 or number of minutes you don't want to recycle your App pool.
Then try again . It will solve your issue.
I've experienced the same issue on our project. This Microsoft support web page helped me to find the cause. And this solution helped to sort out the issue.
In my case the issue was around ViewStateUserKey as Page.ViewStateUserKey property had an incorrect value (Caused 4 in here). Deleting localhost certificates and recreating them by repairing IIS Expres as mentioned in here fixed the issue.
Thats worked for me
Just add it :
between
system.web section
<system.web>
</system.web>

IIS, Session State and Virtual Directories

I've created a web site with ASP.NET 2.0 and I'm using a session variable to determine if a user has filled out an age verification form. Everything works as expected (I can read the session variable on all pages) until a user goes to a virtual directory. When they do so, the page can't read the session variable.
After much research, I've so far done the following.
Turn on the ASP.NET State Service
Added a sessionState node to my web.config files, changing the mode to StateServer (for the web site and virtual directory).
<sessionState
mode="StateServer"
cookieless="false"
timeout="20"
stateConnectionString="tcpip=127.0.0.1:42424"
/>
Generated a new machineKey and added it to both the site and the virtual directory...
<machineKey
validationKey="...128..."
decryptionKey="...64..."
validation="SHA1"
decryption="AES"
/>
Created a new application pool and made sure both the web site and it's virtual directory are using the same application pool.
If I write out the session id <%= Session.SessionId %> it is the same on pages in and out of the virtual directory (it's the same throughout the site). I just can't get that session variable! Does anyone know what else I can try to get this to work??
Thanks.
Different virtual directory = different application and applications don't share session data between them. Perhaps a redesign of your applications to avoid this?
Here is a possible solution to sharing session data between ASP.NET applications.
Passing session data between ASP.NET Applications
From everything I can tell, it's not possible to do what I wanted to do. What's worse, I decided to use cookies instead of session variables, thinking that since cookies are created and maintained by the client and based on the domain, that would work. Unfortunately, somehow when created with C#/ASP.NET even cookies can't be shared. So I had to use C# to insert Javascript to create cookies so I could do what I wanted. End result is an inelegant solution to what should be a simple problem (IMHO).

Why does a change of Session State provider lead to an ASPx page yielding garbage?

I have an aspnet webapp which has worked very well up until now.
I was recently asked to explore ways of making it scale better.
I found that seperation of database and Webapp would help.
Further I was told that if I changed my session providing mechanism to SQLServer, I would be able to duplicate the Web Stack to several machines which could each call back to the state server allowing the load to be distirbuted better.
This sounds logical. So I created an ASPState database using ASPNet_RegSQL.exe as detailed in many locations across the web and changed the web.config on my app from:
<sessionState mode="InProc" cookieless="false" timeout="20" />
To:
<sessionState mode="SQLServer"
sqlConnectionString="Server=SomeSQLServer;user=SomeUser;password=SomePassword"
cookieless="false" timeout="20" />
Then I addressed my app, which presented me with its logon screen and I duly logged in.
Once in I was presented, with a page that was not with the page I was expecting.
I can change the sessionstate back and forth. This problem goes away and then comes back based on which set of configuration I use.
Why is this happening?
Nice error Dude :)
Probably a red-herring, but what are you storing in Session state?
When you move from InProc to SQL Server, the stuff you store in SQL must be Serializable (I think)
Use Fiddler to see what's really going on over the wire. To me it looks like your app is sending back an image when the browser is expecting HTML.

Resources