Session in asp.net expiration - asp.net

I am using a session to pass a variable but on the server after logging in the session automatically expires after 2 -3 minutes, What could be the problem?
The webconfig file:
<sessionState timeout="1440" mode="InProc"></sessionState>
<authentication mode="Forms">
<forms name="School" loginUrl="Login.aspx" defaultUrl="default.aspx"
timeout="1440" slidingExpiration="true" protection="All" path="/" />
</authentication>
I changed the timeout but it does not work.

Enable and check the logs and performance counters if the application pool restarts for some (configurable) reason, and loses it's sessions. Examples include if it runs out of memory (more likely if you have a shared app pool), if you have too many errors per minute (possibly "hidden" errors, triggered by for example search engine spiders) or if you are making changes to observed files or in observed folders (like web.config or bin\).
Depending on your session "uptime" requirements, since restarting the application pool will drop ("expire") all of your in process sessions, you could "fix" the issue by using an out of process session state store, like ASP.NET/Windows State Service/Server or SQL Server.
If you feel it's an IIS configuration or server issue more than a code issue, you can always ask on ServerFault.

Your timeout settings for Session and Forms looks fine but there are still many things can go side ways which causes you to think session is timed out. I suggest you to investigate the issue as follows:
Network setup: if your servers are load balanced, make sure the configuration will work with session.
App Pool: Check your application pool refresh/reset rules on IIS. Make sure there is no setting to refresh the pool every 20 requests or the likes.
Task Manager: Look at task manager and see how the IIS worker process doing (w3wp.exe). Is it getting killed off by antivirus program? If so, session will be timed out for sure.
Event log: Lastly, take a look at windows event log. see if there are event entries related to time out.

Add this to your Global.asax.cs
protected void Session_Start(object sender, EventArgs e)
{
Session.Timeout = 240;
}

Related

Session timeout in asp.net on server

I have a asp.net website hosted on the server. On localhost session timeout is working but on server it is not working (Around only 5 min).
I am using following code.
<sessionState
mode="InProc"
timeout="100" />
Please help me.
In some cases, when you increase session timeout, then run web application, session will still expire. There could be few possible reasons for this.
Notice that session timeout should be less than Application pool idle timeout, so if you increase session timeout, you have to increase application idle timeout too. Otherwise, application will get recycled. If application is recycled, sessions will expire automatically.
Also, if you use Forms Authentication, you'll probably need to increase forms timeout too, using markup code in web.config like this:
<system.web>
<authentication mode="Forms">
<forms timeout="60"/>
</authentication>
...
</system.web>
getting more info..see this link http://www.beansoftware.com/ASP.NET-Tutorials/Session-Timeout-Expiration.aspx
And for keep alive your session timeout..find this example for that..
http://www.beansoftware.com/ASP.NET-Tutorials/Keep-Session-Alive.aspx
Set your session timeout minutes in IIS settings of your website on your server.
For IIS steps follow this https://technet.microsoft.com/en-us/library/cc725820(v=ws.10).aspx

ASP.Net MVC: Session duration?

Due to the complex business logic, I had to implement myself the authentication. I'm storing the authentication with:
FormsAuthentication.SetAuthCookie(identifier,false);
The False is to indicate that we don't want to have persistent cookie
I've to also store in session some informations(one information that the user has to enter to login, indicating for which set of data he wants to access).
I'm storing those data through model binder.
It's working fine most of the time. But sometime after an inactivity period, we are still logged but we don't have any data in session.
I would like that the duration of my session is the same than the login session, to avoid this kind of "I'm logged but I've lost some data in the session".
I don't need/want to have a persistent connection.
How should I proceed to have this system?
I believe the FormsAuthentication uses its own timeout. You can configure your web.config accordingly:
<system.web>
<authentication mode="Forms">
<forms timeout="50"/>
</authentication>
<sessionState timeout="50" />
</system.web>
In fact, There was a Session timeout by default in the IIS Application pool, so, to avoid this problem:
Go on IIS Manager
Go on the ServerName/Application Pools tab
Right click on the concerned application pool
Click on Advanced Settings,
In the section "Process Model", put an higher value in the "Idle Time-out"(this is in minutes
Click on OK
Restart the application pool
For me, this + the Yannis config(setting the same value for the form timeout+session state timeout) worked.

Session Time out problem

Dear All
I have a website hosted on the cloud server and I have added
sessionState mode ="InProc" timeout="1440" />
in the web.config file. But the session gets timed out in 1-2 minutes.
I think the web.config settings should override the IIS settings.But it's not working. Is there solution for this?
thanks in advance
Anoop George Thomas
With InProc (in-memory) session state, you will lose session if any of the following conditions occur:
IIS worker process restarts
User is transferred to another worker process on the same webserver, or another webserver
IIS restarts
I would verify that you are not seeing any strange restart behavior on IIS, or if you are bouncing around in your cloud environment.
If your using Forms authentication this has a timeout as well.
<authentication mode="Forms">
<forms timeout="20"/>
</authentication>

Strange logging off on ASP.NET 3.5 website

Please help me I'm getting desperate here trying to find the problem, and I don't know where to start looking for it.
Here are the symptoms:
I've noticed, that when a user logs on in the morning, he is then immediately logged off, then when he logs on again, everything is fine and he can work on the site.
Every once in a while, when the user clicks a link, the page takes a lot of time to load, but it never actually loads, and the user is thrown to the login page.
Also, after an Exception has occurred in the website, the user is then thrown to the login page. It's as if the exception clears somehow the session.
Do any of you know of a situation where this might happen ?
The code I use in every page in my application is as follows :
If (Not User.Identity.IsAuthenticated) Then
Response.Redirect("../login2.aspx")
End If
' If session timeout then return to login screen '
If ((Session("LocationId") Is DBNull.Value) Or (Session("LocationId") Is Nothing))
Then
Response.Redirect("../login2.aspx")
End If
The code in the web.config:
<sessionState cookieless="false" timeout="600" />
<authentication mode="Forms">
<forms timeout="600" />
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
Why are you using that code in every page?
.NET authorization and authentication normally takes care of all those things if you have it set up correctly.
Related to this scenario *`
".... after an Exception has occurred
in the website, the user is then
thrown to the login page. It's as if
the exception clears somehow the
session
I know of one possible situation where it may occur.
It is far fetched especially in a production scenaio for multiple reasons but i have seen it happen :-)
If the session is In Memory and logging is done by writing to a log file that is in the Bin directory of the application, then this may occur as modifying the bin folder of the web application results in the application restarting i.e the in memory session getting lost.
Just one possible scenario. If your session is not in Memory OR your logging mechanism isnt like this, then this doesnt apply to you.
I am turning to all the dot net experts out there because I am really desperate,
let me give another symptom of the problem because it still persists,
the server is a very strong server - intel xeon with a 3 gb ram, so it is probably not a problem of resources.
When the user uses the system continuously there is no problem and she can work freely, the problem arises when the user leaves the computer (or the application for that matter) for as long as 5 minutes, then when she wants to continue working and clicks a link in the application she is thrown to the login page. when she tries to login again, she succeeds, but after she clicks another link, she is thrown out again, then when she logins she can work freely and everything is fine.
Somehow the session is being cleared when the site is idle. let me emphasize that this doesn't happen when I run the app in visual studio, only in iis.
The app was converted from asp.net 2.0 to 3.5,
that's it, thanks
First of all, you need to deny access for non-authenticated (anonymous) users:
<authorization>
<deny users="?" />
</authorization>
Have you configured default and login pages?
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" loginUrl="Login.aspx" defaultUrl="Default.aspx" slidingExpiration="true" timeout="30" />
</authentication>
name sets the name of a cookie, useful if you will use .NET 2.0 built-in security infrastructure (roles, membership, etc)
slidingExpiration enabled normal timeout behavior - any user action resets timeout
If you are just using the normal session functionality in asp.net I believe that the session times out after 15-30 minutes of inactivity (I typically don't use session so I remember it is somewhere in this range). Every postback to the server resets this timer so if a user is active doing things then they won't hit this time out.
For the page taking a long time to load it is most likely due to the worker process recycling and that user is the first user to access the site after a recycle which triggers IIS to do all of it's compilation stuff and then serve the page which causes the delay. This only happens for the first visitor after a worker process recycle. You can change this behavior in IIS to happen on a schedule rather than after a certain amount of time has passed without activity. This will cause your worker process to take up more memory though so depending on your environment this might not be a good change to make.
EDIT: I should add that the code you posted explains exactly why the user is kicked back to the login page. It is checking to make sure that there is something in the session and if there isn't anything there it kicks the user back to the login page. So if they are inactive for too long your session times out, so it is cleared, and the user is kicked back to the login page by your code. Also you should use FormsAuthentication.RedirectToLoginPage(); for your redirect instead of Response.Redirect. This way after logging in they go back to the page they requested originally.

asp.net Session expires early

I have user log in logic in my web app. after successful log in, i set the user id in Session, so i can keep track of the user. and in my master file page load event, i do
Session.timeout = 60
so session should timeout after an hour. but my session times out at around 10 - 20 minutes. What am i doing wrong? i bet it's obvious.
It is probably due to your IIS settings. In IIS the default timeout for a session is 20 min.
Use the IIS manager to change it.
Have you tried setting it in your web.config instead of server side code?
<configuration>
<system.web>
<sessionState
mode="InProc"
cookieless="true"
timeout="60" />
</system.web>
</configuration>
If your app is crashing and re-starting at all, your sessions will be lost.
I'd setup some Health Monitoring and setup a notification for your app re-starting. If it happen more often than your 20 minutes then something is crashing your app.

Resources