Session timeout in web application on window Azure platform - asp.net

I need your help to sort out one problem with session timeout in my application which are hosted on Azure platform.
I have developed web application in asp.net and make login functionality with session and put following code maintain timeout period for session like
<sessionState mode="InProc" timeout="20"></sessionState>
It working fine on local system but when i will tested it with live URL on Azure platform it will signout frequently (session expired).
Can any one please suggest me how can i resolve this issues?
Thanks
Arun.

Are you running more than one WebRole instance? Remember, "InProc" session-state will not be shared across multiple web-role instances. In fact, InProc session state is "evil" in the cloud world, will not work for any deployments with more than 1 instance running. You really want to use another provider, like Session provider for AppFabric Cache

Are you sure the session is expiring? If you are using ASP.NET forms authentication there is another timeout to consider (here I have set it to 180 mins)
<authentication mode="Forms">
<forms loginUrl="Login/" timeout="180"/>
</authentication>
If you do have multiple instances Igorek is right - the session will not be shared.
Please see how-does-microsoft-azure-handle-session-state/1023125#1023125
or refer to the Azure SDK for more information.

Related

Sharing ASP.NET session info between applications in a single application pool and worker process

Can ASP.NET applications in a common application pool share session information if they are in separate threads in a single worker process? One of my applications is having issues related to not having any of the session information it needs from the other application, but I used Trace.axd to confirm that requests to each application are using the same session identifier.
I resolved the issues we were experiencing by making our applications "cookieless".
I updated the web.config file for the applications as follows:
<!--sessionState mode="InProc" cookieless="false" timeout="30" /-->
<sessionState mode="InProc" cookieless="true" timeout="30" />
If anyone can explain why this works, I would appreciate the education.
Thank you to all who offered suggestions.
ASP.NET session is scoped "within" application if using out-of-the-box session providers, so each application will have its own session even if the session id/key value appears to be the same. But since the requests to each application are using the same session identifier value, you appear to be well set to implement a custom SessionStateStoreProvider that can store/retrieve data using this identifier across both applications.
You could also have a look at Sharing sessions across applications using the ASP.NET Session State Service, but since this approach involves modifying the workings of the stock SQL session store provider, you'd risk spillover effects on other sites/applications.
I thik it could be helpfull Sharing Aspnet Session across different domains there's no other way.
you cannot share a session between different domain.
there's another solution that could be pass all data via querystring to the other domain so it can rebuild the right session values.
Personally i will invite you to use encrypted value to be sure that are not visibile if you will choose GET option.

Enabling sticky sessions on a load balancer

Any advise on this one would be greatly appreciated, I've been researching all morning and I'm still scratching my head. I started at a new company a few weeks ago, where I'm the only .NET developer as the development was originally done by an outsourcing company and I've been asked to research.
My knowledge of the existing system is extremely limited but from what I can gather the situation is as follows.
We would like to enable sticky sessions on an asp.net web site. From my research I have gathered, I need to do the following steps. We are using the ASP.NET State Service
The setup is a load balance server which services two web servers.
Ensure that both web servers have the same machine key.
Ensure that the websites have been precompiled before deployment. For serialisation of objects by ASP.NET State Service.
Ensure that the application path on the iis metabase is identical on both web servers.
I bit of knowledge I'm lacking is where are the sessions are stored. Are the sessions stored on the load balancer, can they be stored on the load balancer? From what I've read they are stored by the ASP.NET State Service, should the service be running on the load balancer therefore the sessions are stored o the load balancer.
From what I understand the ASP.NET state service runs on each of the web servers and they just talk to each other so that the sessions are stored across both servers. I assume that the way they do this is based on the type of algorithm that is used. Any information would be greatly appreciated.
zeencat, take a look at http://msdn.microsoft.com/en-us/library/ms178586.aspx at the State Server Mode section:
StateServer mode stores session state in a process, referred to as the ASP.NET state service, that is separate from the ASP.NET worker process or IIS application pool.
Using this mode ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.
To use StateServer mode, you must first be sure the ASP.NET state service is running on the server used for the session store. The ASP.NET state service is installed as a service when ASP.NET and the .NET Framework are installed.
From what I understand the ASP.Net state service runs on one server, as a service called ASP.NET state service, both servers will have the same web.config file:
<configuration>
<system.web>
<sessionState mode="StateServer"
stateConnectionString="tcpip=SampleStateServer:42424"
cookieless="false"
timeout="20"/>
</system.web>
</configuration>
This way, the session is stored on the server who hosts the service.
Hope it helps,
[]
Also look at using ElastiCache if you are in AWS or Redis if on premise as your ASP.NET session store instead of using sticky sessions. It has more advantages in terms of auto-scaling, load balancing and I would say performance. More info at http://blogs.msdn.com/b/webdev/archive/2014/05/12/announcing-asp-net-session-state-provider-for-redis-preview-release.aspx

Shared authentication between two servers

I've set up the same site on two servers sitting behind a load balancer. I have the following in my web.config file
<sessionState mode="SQLServer" cookieless="false" allowCustomSqlDatabase="true"
sqlConnectionString="Data Source=server;Initial Catalog=ASPState;Persist Security
Info=True;User ID=user;Password=password" timeout="2880" sqlCommandTimeout="10" />
It appears to be working, I can see the ASPState tables populating when I log in, however I see that if I refresh several times after logging in it goes back and forth between being logged in and not logged in depending on which server I hit. Am I missing something?
I'm using the default webmatrix authentication built into MVC 4.
This ca be because you have different MachineKeys on your servers or the have the default value. And because of this you authentication cookies are encrypted in two different ways.
Try setting the machineKey in your web.config. Here is tool that helps generating the machineKey http://aspnetresources.com/tools/machineKey
As this post explains you will need to have the same Application ID on both servers.
"When you create applications that you expect to share session state using Sql Server, they need the same ID configured in IIS. This is because the session ID that is generated is generated based on the application ID. (Internally the application ID is something like LM/W3SVC/1
The two servers had different IDs for each application in IIS. The resolution is to change the ID under `Manage Website -> Advanced Settings' on each server."
Cheers

How to maintain Forms authentication session state between Azure Web Roles?

I have deployed a RIA Services enabled Silverlight Business application on Azure that uses Forms authentication.
To enable Forms authentication on Azure, I have implemented the Table Storage providers from the Azure Toolkit. It almost works, but I have problems with keeping the session state. After I have logged in, and repeatedly presses F5 to refresh the page I switch between being logged in and logged out.
I have two Web Role Instances, and if I disable one of the it works like a charm. But as soon as I enable the second instance it's back to this sporadic behaviour. So clearly the state is not preserved because of the load balancing. Fine, I forgot to implement the Session provider, so I did:
<sessionState mode="Custom" customProvider="TableStorageSessionStateProvider">
<providers>
<clear />
<add name="TableStorageSessionStateProvider"
type="Microsoft.Samples.ServiceHosting.AspProviders.TableStorageSessionStateProvider"
applicationName="AppAdmin"
/>
</providers>
</sessionState>
Sadly, that didn't help.
Update: The actual table (Session) is created in the Table Storage, but no data is in there.
Any ideas and/or suggestions?
Have you set your machine key in web.config?

How do I configure the Out Of Process Session Provider? (ASP.NET - IIS7)

I'd like to experiment with the out of process session provider in ASP.NET/IIS7 (non-in memory). I understand that then a different process is taking care of my session state, so that I could restart the application domain/w3wp without losing session information.
However, how do I set this up, preferably pretty much transparent to my web application?
Thank you!
Please see Configuring Out-of-Process Session State with the ASP.NET State Service (IIS 6.0):
If you decide to manage session state
by using the ASP.NET state service,
you must determine whether you are
going to maintain session state for a
Web garden or a Web farm. Then you
need to ensure that the ASP.NET state
service (Aspnet_state.exe) is running
and, that it is configured to start
automatically.

Resources