IIS 7.0 Session expiring ASP.net - asp.net

This is the syntax am using in web.config.
But my session get expire within 10 to 15 minutes not staying upto 2 hrs.
<sessionState cookieless="UseCookies" cookieName="ASP.NET_SessionId180"
mode="InProc" timeout="120" />

One possible cause is that the application domain gets recycled by IIS. And since you are using InProc session state the whole memory of the AppDomain gets wiped out. IIS could recycle the AppDomain under different circumstances: certain period of inactivity or CPU/memory threshold limits are reached.
You can read more about this in the following blog post.

The "worker" is most likely the one who causes your problem. If it recycle it will reset the session if its idle long enough.
Check your IIS AppPool setting and increase the idle timeout setting.

As you use the InProc session state, it's possible that the pool is recycled due to some actions: modifying web.config, copying files to the bin folder,...
Check also the recycling parameters of the pool.
You can try to use the StateServer option for your session. To do this, you need to start the ASP.NET state service and check that your objects are marked as serializable.

Related

Will Session be expired by IdleTimeout of IIS?

I have <sessionState cookieless="false" mode="InProc" timeout="120" /> in my web.config.
But looks like session is expired by IIS Idle timeout which is 20 minutes.
I can't change Idle Timeout manually in IIS, because I have a lot of instances. Can I change it via code or .config files?
Or maybe it's not actually the reason of session expiration?
When these settings are configured, a worker process will shut down after a specified period of inactivity
, from here.
InProc means a session is tracked by a cached record in process memory. Thus, whenever the process exits (with exceptions or not), that session is gone.
Then of course idle timeout of IIS matters in your case, as it can shut down the worker process, and in turn kill the sessions.

ASP.Net Session.Timeout - Is StateServer and Programmatic Session.Timeout Good Enough?

Reading around, it looks like changing asp.net session time when using the InProc model requires two changes...
web.config - Application Pool Idle
Timeout - Seems you should set this >= Session.Timeout
I gathered this from reading http://asp-net.vexedlogic.com/2012/05/23/aspasp-net-session-timeout-how-do-i-change-it/.
So, if I don't have the luxury of changing timeouts on application pools, I'm wondering if I change to use StateServer and then programmatically set Session.Timeout as described in the article above, do I need to worry about what web.config #timeout and application pool idle settings are set at? Will my two actions take care of everything?
If it does take care of it, I guess the next question is whether or not anyone knows how performance compares from InProc vs StateServer.
Thanks in advance.
From my understanding, if you switch from in-proc to state server the idle timeout (in IIS) setting won't have an effect on your session state timeout.
There will still be worker processes that may be terminated in the application pool if there is no activity (if the idle timeout is passed) but the session state (i.e. the user session and application session values) will be maintained beyond this. Your session timeout should just be controlled by the timeout value set in the configuration (from here) i.e.
<configuration>
<system.web>
<sessionState mode="StateServer"
stateConnectionString="tcpip=SampleStateServer:42424"
cookieless="false"
timeout="20"/>
</system.web>
</configuration>
Inproc is faster than StateServer as your session data needs to be serialised / deserialised when it's stored. It may also be stored on a separate machine which may introduce some latency. But of course there are the advantages of State Server i.e. Session state persistence between application restarts (app pool recycling), state can be shared across multiple servers in a web-farm.
This question also discusses pros and cons of using the State Server mode.

Session timeout after 30 minutes in asp.net

I store some information in Session but the Session gets destroyed each time. I don't know why this is happening. I am using IIS7.
This is the setting which I have made:
<sessionState cookieless="AutoDetect" mode="InProc" timeout="120" />
I am storing some information while the user is getting registering but my client complains that when he sits idle for 20-30 minutes the information is lost. I am running application in one custom defined application pool whose idle timeout is 20 minutes (in properties of app pool). Can that be the problem?
Secondly even though I have specified timeout to be 120 minutes but when I click on "Session state" icon in IIS7 it doesn't show 120 minutes anywhere. What can be the problem?
Update: In cookie settings in "Session state" in IIS7 I see timeout as 5 minutes for Asp_NetSessionId. Can that be the culprit?
Well if your application pool is being destroyed after 20 minutes then that would be a problem considering your session is inproc. Increase the timeout of the application pool to be 120 minutes
If you store your session InProc, then every 20 minutes the application will be restarted, and all the sessions are lost.
Run the StateServer service and use
<sessionState mode="StateServer" timeout="120" />
in web.config. Then you don't care how often the app is restarted, you can even upload new version and the sessions will be kept.
Yes, When you specify an idle timeout in AppPool settings, it basically kills your worker process which in turn destroys your session.
You'll see the value under Cookie Settings tab as one of the ways to handle InProc session is via Cookies.

What is killing my users' Asp.net session?

We are having an intermittent problem with some users losing session. Our session settings in the web.config are as follows:
<sessionState mode="InProc" timeout="1440"/>
...which should be 24 hours (a value deliberately set over the top during testing).
Are there any other settings (maybe in IIS7) that I need to be aware of? Or are there any resources that will list the things that could kill a user's session?
Let me know if you need more information.
Thanks!
Dave
Changing the web.config file, or any of the dlls will cause the session to be destroyed, as will the recycling of app pools (this is usually set to a timeout of 20 mins of inactivity, but will also occur under certain exception conditions and possibly memory conditions)
Check Application Pool settings. There are several things there that can interfere with this:
Process recycling settings;
Several processes (then each would be keeping its own session stash);
Changing web.config or other web related files recycles the process immediately.
Anything that recycles the application pool will kill InProc session state.
Check the properties on the application pool by default there are several settings which may cause the pool to recycle in less then 24 hours.
Typically when testing there is little activity on the site and you fall foul of the pool idle timeout.
Thanks for all the replies, it seems it was because the App Pool was set to recycle at 3am and some of the users were just leaving themselves logged in over night and then just carrying on in the morning! We've added better session timeout handling now.
Thanks again!

How to force a 20 minute time-out for sessions?

I'm very confused when it comes to what actually decides the session time-out.
The web app needs to allow for a 20 minute "idle time" before logging (or throwing) users out. I've tried different setting on both sessionState and Recycle worker processes in IIS. The time-out remains too short and, as far as my quit-n-dirty, primitive tests have shown, a bit random.
I read somewhere that the default time-out is 20 minutes, but in my app it appears to be closer to five. Are there any easy ways to change this? The app is running .NET 3.5 on IIS 6.
EDIT:
I just realized that the Entity Framework might have something to do with the problem, as the user content is held as a context in the entity framework. Is there any time limit for how long an entity is held?
The user will be logged out based on your Authentication settings in the web.config.
The Session timout will be set in your session tag in the web.config.
If they are different then you will see "interesting" results.
http://msdn.microsoft.com/en-us/library/ms972429.aspx
If you look in the web.config you can write some thing like this
<configuration>
<sessionstate timeout="20" />
</configuration>
and there you can set you timeout..
Use the sessionstate timeout. You do not want to use Recycle Worker, as this will recycle all sessions associated with that worker, every N minutes. It's a good idea to set Recycle Worker to a very high value if you are using the session variable.

Resources