session in IIS always empty (between pages) - asp.net

I have a folder in wwwroot that contains all the pages for a website.
The problem is that session and cookies are not saved between the pages, although the session is recognized, but always empty!
What do I have to do in order to enable session and cookies between the pages?
I tried adding this line to web.config
<authentication mode="Forms">
<forms cookieless="AutoDetect" domain="" timeout="10" protection="All" />
</authentication>
And I turned the folder into an Application through the IIS manager tools.
but nothing :(
the IIS version is 7
Thanks for any help

Have you checked that session state is enabled in IIS7?
http://technet.microsoft.com/en-us/library/cc725624%28WS.10%29.aspx
You also need to ensure that you have the session state config setting set up in your web.config in your application.
Here's an example of mine
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20" />
You should check out
http://msdn.microsoft.com/en-us/library/ms178586.aspx
Edit: updated the above link, the previous one was defunct.

Related

Why does my ASPX app keep logging the user out?

This ASPX app I'm working on keeps logging me out mid-session. I tried changing this:
<sessionState mode="InProc" timeout="24" />
To
<sessionState mode="InProc" cookieless="true" timeout="1440" />
But it still times out every couple of minutes (sometimes sooner). I've never programmed in ASPX before and I'm just making basic layout changes (removing three nested tables, etc.), but it's horrible how many times I have to log in to do even the simplest things.
Any clue what else might be timing me out if not the session state? I didn't write any of this...
InProc and the session do not keep the login authentication. This authentication is done using some other cookie, and if you lose it you are logged out.
There are two points to look at: whether you move from http to https, and whether you move from www. to non-www. pages.
To solve that, go to your web.config and check that you have set up these properties correctly (especially the domain).
<authentication mode="Forms">
<forms timeout="50" path="/" requireSSL="true" cookieless="UseCookies" domain="domain.com" />
</authentication>
Also check on roleManager and on httpCookies that you have set up the domain.

session timeout configuration in Web.config

I am new to .NET and to its MVC framework as well.
I need to create session timeout functionality.
So I tried
<system.web>
<sessionState timeout="20"></sessionState>
</system.web>
I tried mode="InProc" as well with no luck.
I already have this line in Web.config
<sessionState timeout="30"
mode="SQLServer"
cookieName="SafeAuto.QuoteAndPurchase"
sqlConnectionString="Data Source=CORPSQLTS09RM18;user id=webuser;password=M#r3Bar!"
cookieless="false"
regenerateExpiredSessionId="true" />
And I know we cannot use it twice.
Does anybody have anything in mind to help me out here? In addition, after session timeout I want to redirect to a specific page.

My asp.net application times out authentication even though I have time outs set in .config

I must be doing something wrong. I have followed instructions to set the timeout on my forms authentication app, but the app never renews the cookie and will time out about every 15mins or so.
I must be missing something that is so obvious it is not mentioned in the literature.
Here is my config info:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" defaultUrl="~/" timeout="120" slidingExpiration="true" cookieless="UseCookies" />
</authentication>
and the session state
<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="120">
...
I have tried sliding or not sliding--same time out happens.
Dumb questions: do I need something in the code behind (VB) on every page to make sure the postback renews the authentication?
If you are browsing your web application from IIS, then check the Idle Time-Out (minutes) property under "Process Model" of the application pool.
If it is 20 minutes, you should change that property value.

Moved from iis6 to 7.5 asp.net session timeouts

After moving over to the new platform the site is logging people out after a time of inactivity. This never used to happen and I wish to set the timeout to a larger value. I've changed some settings to no effect and even in code the session.timeout is set to 1440.
Any ideas where I can find another setting for it or where I might start with this problem?
Thanks
The app pool was recycling as the worker process was set to expire after 20 minutes of inactivity.
Have a look at IIS session information here: HttpSessionState.Timeout Property
<configuration>
<system.web>
<sessionState
mode="InProc"
cookieless="true"
timeout="30" />
</system.web>
</configuration>
You can add this section to your web.config in your website root dir for authentication:
<system.web>
<authentication mode="Forms">
<forms timeout="1440" slidingExpiration="true"/>
</authentication>
</system.web>
Assuming that you're using Forms authentication.
And this for session timeout:
<system.web>
<sessionState timeout="1440"/>
</system.web>
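Added example, not code from any of the posts above: a Python check that reads the forms ticket timeout, the session timeout and the application pool idle time-out together, since the threads above show the shortest of the three deciding when users lose state. The sample files, the pool name `ExamplePool` and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: a web.config and an applicationHost.config fragment.
WEB_CONFIG = """<configuration><system.web>
  <authentication mode="Forms">
    <forms timeout="1440" slidingExpiration="true" />
  </authentication>
  <sessionState mode="InProc" timeout="1440" />
</system.web></configuration>"""

APPHOST_CONFIG = """<configuration><system.applicationHost><applicationPools>
  <add name="ExamplePool"><processModel idleTimeout="00:20:00" /></add>
</applicationPools></system.applicationHost></configuration>"""


def timespan_minutes(value):
    """Convert an hh:mm:ss value (the idleTimeout format) to minutes."""
    hours, minutes, seconds = (int(part) for part in value.split(":"))
    return hours * 60 + minutes + seconds / 60


def audit_timeouts(web_config, apphost_config, pool_name):
    """Return (limits in minutes, findings) for one application."""
    web = ET.fromstring(web_config)
    host = ET.fromstring(apphost_config)
    forms = next(web.iter("forms"), None)
    state = next(web.iter("sessionState"), None)
    model = host.find(f".//applicationPools/add[@name='{pool_name}']/processModel")

    # Documented defaults apply when an attribute is absent:
    # forms ticket 30 min, session 20 min, pool idle time-out 20 min.
    limits = {
        "forms_ticket": float(forms.get("timeout", 30)) if forms is not None else None,
        "session": float(state.get("timeout", 20)) if state is not None else 20.0,
        "pool_idle": timespan_minutes(
            model.get("idleTimeout", "00:20:00") if model is not None else "00:20:00"),
    }
    mode = state.get("mode", "InProc") if state is not None else "InProc"
    findings = []
    idle = limits["pool_idle"]
    # An idle time-out of 0 disables the idle shutdown, so it is not a limit.
    if mode == "InProc" and 0 < idle < limits["session"]:
        findings.append(f"InProc session data is dropped once the pool sits idle for "
                        f"{idle:g} min, not after the configured {limits['session']:g} min")
    ticket = limits["forms_ticket"]
    if ticket is not None and ticket != limits["session"]:
        findings.append(f"forms ticket ({ticket:g} min) and session "
                        f"({limits['session']:g} min) expire at different times")
    return limits, findings
```
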

How to remove AspxAutoDetectCookieSupport=1

I have a url like http://www.foo.com/NewPage.aspx?pageid=10. However to some users this gets displayed as http://://www.foo.com/NewPage.aspx?pageid=10&
Now I read that the AspxAutoDetectCookieSupport=1 gets appended because in my web.config I have <sessionState cookieless="AutoDetect"/> whereas it should be <sessionState cookieless="UseCookies"/>
What I wanted to know is whether there is an issue with making this change.
Try <sessionState mode="InProc" cookieless="false" timeout="20" />
for ref remove AspxAutoDetectCookieSupport
or use this in web config,
<authentication mode="Forms">
<forms cookieless="UseCookies"/>
</authentication>
Browsing through this issue I found this in one article:
You could change your setting from
cookieless="AutoDetect" to
cookieless="UseCookies". This will get
rid of it, but users without cookies
won't be able to pass session objects
around. Depending on how you are using
sessions, this may or may not matter.
You could also write a routine that
sniffs search robots and rewrite the
Url, or write .browser files for the
search engines you are concerned
about.
For ref: Remove cookie support
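Added example, not part of the original posts: a Python log check for the side effect of the cookieless settings discussed above. It goes beyond the AspxAutoDetectCookieSupport=1 marker to the `/(S(...))/` and `/(F(...))/` path segments that ASP.NET uses when the session ID or forms ticket travels in the URL; the host name, client addresses, token values and function names are constructed for illustration.

```python
import re

# Cookieless mode places tokens in one path segment: /(S(<session id>))/ for
# session state, /(F(<ticket>))/ for forms authentication, or both combined.
TOKEN_SEGMENT = re.compile(r"/\(((?:[A-Z]\([^()/]*\))+)\)(?=/)")
TOKEN = re.compile(r"([A-Z])\(([^()/]*)\)")
PROBE = "AspxAutoDetectCookieSupport=1"
KINDS = {"S": "session id", "F": "forms ticket"}

# Constructed request log entries: (client address, requested URL).
SAMPLE_LOG = [
    ("192.0.2.10", "http://www.example.test/(S(abc123def456))/NewPage.aspx?pageid=10"),
    ("198.51.100.7", "http://www.example.test/(S(abc123def456))/NewPage.aspx?pageid=10"),
    ("192.0.2.44", "http://www.example.test/NewPage.aspx?pageid=10&" + PROBE),
    ("192.0.2.45", "http://www.example.test/NewPage.aspx?pageid=10"),
]


def scrub(url):
    """Return (kinds of cookieless artefact found, URL safe to store or share)."""
    kinds = []

    def drop(match):
        kinds.extend(KINDS.get(kind, "other token")
                     for kind, _ in TOKEN.findall(match.group(1)))
        return ""

    clean = TOKEN_SEGMENT.sub(drop, url)
    path, _, query = clean.partition("?")
    params = [p for p in query.split("&") if p]
    kept = [p for p in params if p != PROBE]
    if len(kept) != len(params):
        kinds.append("AutoDetect probe")
    return kinds, path + ("?" + "&".join(kept) if kept else "")


def shared_sessions(entries):
    """Map each URL-borne session id seen from several clients to those clients."""
    seen = {}
    for client, url in entries:
        for segment in TOKEN_SEGMENT.findall(url):
            for kind, value in TOKEN.findall(segment):
                if kind == "S":
                    seen.setdefault(value, set()).add(client)
    return {sid: sorted(c) for sid, c in seen.items() if len(c) > 1}
```

A session ID reported by `shared_sessions` has reached a second client, typically through a copied link or a Referer header, which cannot happen when the ID is carried only in a cookie.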
