Session timeout after 30 minutes in asp.net - asp.net

I store some information in Session but the Session gets destroyed each time. I don't know why this is happening. I am using IIS7.
This is the setting which I have made:
<sessionState cookieless="AutoDetect" mode="InProc" timeout="120" />
I am storing some information while the user is getting registering but my client complains that when he sits idle for 20-30 minutes the information is lost. I am running application in one custom defined application pool whose idle timeout is 20 minutes (in properties of app pool). Can that be the problem?
Secondly even though I have specified timeout to be 120 minutes but when I click on "Session state" icon in IIS7 it doesn't show 120 minutes anywhere. What can be the problem?
Update: In cookie settings in "Session state" in IIS7 I see timeout as 5 minutes for Asp_NetSessionId. Can that be the culprit?

Well if your application pool is being destroyed after 20 minutes then that would be a problem considering your session is inproc. Increase the timeout of the application pool to be 120 minutes

If you store your session InProc, then every 20 minutes the application will be restarted, and all the sessions are lost.
Run the StateServer service and use
<sessionState mode="StateServer" timeout="120" />
in web.config. Then you don't care how often the app is restarted, you can even upload new version and the sessions will be kept.

Yes, When you specify an idle timeout in AppPool settings, it basically kills your worker process which in turn destroys your session.
You'll see the value under Cookie Settings tab as one of the ways to handle InProc session is via Cookies.

Related

ASP.Net random Session timeout

Mine is a Windows authenticated asp.net solution (framework v4.0). Implemented a 20 minutes session timeout, with Inproc mode and is mentioned in the web config file.
<authentication mode="Windows" />
<sessionState mode="InProc" timeout="20" />
The application is running as a separate app pool and the idle time-out value is set to 20 minutes.
The application is hosted in IIS 7.5.
But, the application timeouts randomly from 5 to 7 minutes, sometimes even within a minute.
According to the Eventviewer only 20 minutes timeout events are logged.
Any suggestion on what I'm missing ?
Note: My application runs in a separate pool.
Update
Another thing that i noticed today in the server where application is hosted is, in the IIS coulnd't find the Session State icon. Also when i checked the Services window found that the ASP.NET State Service's startup type is Disabled. Should these two things be present in the server for an ASP.Net application to to track Session whose session mode is set to "InProc".

Will Session be expired by IdleTimeout of IIS?

I have <sessionState cookieless="false" mode="InProc" timeout="120" /> in my web.config.
But looks like session is expired by IIS Idle timeout which is 20 minutes.
I can't change Idle Timeout manually in IIS, because I have a lot of instances. Can I change it via code or .config files?
Or maybe it's not actually the reason of session expiration?
When these settings are configured, a worker process will shut down after a specified period of inactivity
, from here.
InProc means a session is tracked by a cached record in process memory. Thus, whenever the process exits (with exceptions or not), that session is gone.
Then of course idle timeout of IIS matters in your case, as it can shut down the worker process, and in turn kill the sessions.

Asp.Net (MVC): Which session timeout is what?

I've made one Asp.net MVC website, and I'm very confused between the different timeout settings.
What is the difference between:
SessionState Timeout in web.config:
Application pool timeout
Asp.Net Session timeout property
Which one should I set if I want to have a timout of (say) 6 hours? All of them? Only some?
The application pool timeout is the length of time the site has to be idle for before the application pool will shut down the worker process to release resources. The downside is that when the next visitor comes to the website it takes a long time to restart things so that first request after a shutdown will be quite slow.
IIS7 Application Pool Idle Time-out Settings
The session timeout refers to the session id that a user gets on first request to the site, and when that expires.
I think the ASP one that you've included the screenshot of is for classic ASP, not ASP.NET.
So to increase the session timeout you would use the one in the config file.
There's also a Session state section when you click on the website in IIS that you could possibly use either and there's a timeout at the bottom of the page for it.
But if the value for the application pool timeout is shorter, then your session setting will be irrelevant as the worker process will shut down before the session expires. So you should also change your application pool settings.
Session Time out in IIS 7

IIS 7.0 Session expiring ASP.net

This is the syntax am using in web.config.
But my session get expire within 10 to 15 minutes not staying upto 2 hrs.
<sessionState cookieless="UseCookies" cookieName="ASP.NET_SessionId180"
mode="InProc" timeout="120" />
One possible cause is that the application domain gets recycled by IIS. And since you are using InProc session state the whole memory of the AppDomain gets wiped out. IIS could recycle the AppDomain under different circumstances: certain period of inactivity or CPU/memory threshold limits are reached.
You can read more about this in the following blog post.
The "worker" is most likely the one who causes your problem. If it recycle it will reset the session if its idle long enough.
Check your IIS AppPool setting and increase the idle timeout setting.
As you use the InProc session state, it's possible that the pool is recycled due to some actions: modifying web.config, copying files to the bin folder,...
Check also the recycling parameters of the pool.
You can try to use the StateServer option for your session. To do this, you need to start the ASP.NET state service and check that your objects are marked as serializable.

How to force a 20 minute time-out for sessions?

I'm very confused when it comes to what actually decides the session time-out.
The web app needs to allow for a 20 minute "idle time" before logging (or throwing) users out. I've tried different setting on both sessionState and Recycle worker processes in IIS. The time-out remains too short and, as far as my quit-n-dirty, primitive tests have shown, a bit random.
I read somewhere that the default time-out is 20 minutes, but in my app it appears to be closer to five. Are there any easy ways to change this? The app is running .NET 3.5 on IIS 6.
EDIT:
I just realized that the Entity Framework might have something to do with the problem, as the user content is held as a context in the entity framework. Is there any time limit for how long an entity is held?
The user will be logged out based on your Authentication settings in the web.config.
The Session timout will be set in your session tag in the web.config.
If they are different then you will see "interesting" results.
http://msdn.microsoft.com/en-us/library/ms972429.aspx
If you look in the web.config you can write some thing like this
<configuration>
<sessionstate timeout="20" />
</configuration>
and there you can set you timeout..
Use the sessionstate timeout. You do not want to use Recycle Worker, as this will recycle all sessions associated with that worker, every N minutes. It's a good idea to set Recycle Worker to a very high value if you are using the session variable.

Resources