Weired problem! ASP.NET Session expires instantly. In my web.config I have this session settings:
<sessionState mode="InProc" timeout="10000" />
AFAIK the timeout attribute's value is in minutes and can't be greater than 525,600 minutes (1 year). I don't understand what I am doing wrong here. Why is the session expiring. Is it a server memory issue? I don't think so, the server is pretty descent and it has only one site which isn't doing much after all. Ideas?
EDIT:
After setting the cookiless attribute to true, and while noticing the session id on the url, I can see that the session id CHANGING. I assume that this means the session is expiring. The IIS Settings are correct AFAIK (the enable session state checkbox is checked, and the value of the time is 20). A Picture is worth 100 words:
alt text http://img148.imageshack.us/img148/5053/sessionstate.jpg
Perhaps your browser doesn't store cookies correctly. Try setting session to cookieless mode and try again.
<sessionState mode="InProc" timeout="10000" cookieless="true" />
You need to make sure Session is enabled with IIS as well as in the web.config.
Also, it's worth putting some logging on the Application Restart. You might have something else going wrong that is causing the whole app to reset.
I had this happen with a page once. It turns out that I was doing a Session.Abandon() in a place that I did not realize was called in the execution sequence (it related to login and the way I was using the membership provider). As a debugging tip, I would recommend putting a breakpoint on every Session.Abandon() and making sure that it's not being called when you don't expect it.
This has happened to me a couple of times and the main culprits have always been.
Someone updated a file in the web application causing it to restart, this normally happens when someone decides to update something in the web.config without realising this causes all the sessions to be dropped.
The other thing that has caused it for me is a setting in IIS that defines how long sessions last, if you go into the properties of your virtual directory/web site and click configuration, on the options tab is a session timeout duration check this is enabled and set to a high enough value.
It turned to be a mistake of one of our team members, he was setting the session to be inproc though the site was distributed of 4 physical machines with Load-Balancing. I'm not sure if it's the problem though, but when I changed it to store the session in a SQL server, it worked! Will dig deeper this issue and report any further information I might get. Thanks you all Guys!
Related
I have set session time out to 9 hours in web.config file something like this:
“<sessionState mode="InProc" timeout="540" />
But often users complain that they are facing time out in less than 9 hours of inactivity and the time interval after they are timed out also varies.
I was wondering if session time out is dependent on any of the below settings in IIS:
Session time setting
Idle- time out setting for Application pool
Recycling setting.
Please advise.
Also, how do I check session time out setting in IIS 7.0?
The session will be lost when the ApplicationPool recycles. That's one of the IIS settings that you mentioned. To set only the timeout in the web.config will not be enough. You need to adjust the setting in IIS.
Here is a link I found while I was looking into the same problem.
Also, this question was very useful: Losing Session State
If you are using Forms authentication you should make sure your FormAuthentication Cookie is set to expire at the same time as your Session.
If not make sure your IIS is not getting recycled. ( put a logger in your Global.asax to verify the application end events compared to your users complaints.)
It is not enough to set session time out in your web config. If the server on which your site is hosted is having less time out value set in IIS setting, your session is time out according to the server session time out value.
also if you are deleting any folder from the server directory, this can also cause your AppPool to recycle unexpectedly.
so please check the server session time out value and if it less then ask your hosting to increase it as per your requirement.
I have an ASP.net application where Users aren't able to successfully complete certain actions, for reasons, I'm assuming, can only be related to losing their session (which is where I maintain their current user information, and how determine whether they are logged in)
I'm at a loss as to why they would lose their session, so my first question is:
What (in general) would cause a user to lose their session in ASP.net?
and since I don't know when a user loses their session and can't reproduce it myself:
How can I track when I user loses their session
Below is my sessionState config for reference
<sessionState
mode="InProc"
cookieless="false"
cookieName="My.Site.Com"
timeout="480"/>
A number of things can cause session state to mysteriously disappear.
Your sessionState timeout has expired
You update your web.config or other file type that causes your AppDomain to recycle
Your AppPool in IIS recycles
You update your site with a lot of files, and ASP.NET proactively destroys your AppDomain to recompile and preserve memory.
-
If you are using IIS 7 or 7.5, here are a few things to look for:
By default, IIS sets AppPools to turn themselves off after a period of inactivity.
By default, IIS sets AppPools to recycle every 1740 minutes (obviously depending on your root configuration, but that's the default)
In IIS, check out the "Advanced Settings" of your AppPool. In there is a property called "Idle Time-out". Set that to zero or to a higher number than the default (20).
In IIS, check the "Recycling" settings of your AppPool. Here you can enable or disable your AppPool from recycling. The 2nd page of the wizard is a way to log to the Event Log each type of AppPool shut down.
If you are using IIS 6, the same settings apply (for the most part but with different ways of getting to them), however getting them to log the recycles is more of a pain. Here is a link to a way to get IIS 6 to log AppPool recycle events:
http://web.archive.org/web/20100803114054/http://surrealization.com/sample-code/getnotifiedwhenapppoolrecycles/
-
If you are updating files on your web app, you should expect all session to be lost. That's just the nature of the beast. However, you might not expect it to happen multiple times. If you update 15 or more files (aspx, dll, etc), there is a likelyhood that you will have multiple restarts over a period of time as these pages are recompiled by users accessing the site. See these two links:
http://support.microsoft.com/kb/319947
http://msdn.microsoft.com/en-us/library/system.web.configuration.compilationsection.numrecompilesbeforeapprestart.aspx
Setting the numCompilesBeforeAppRestart to a higher number (or manually bouncing your AppPool) will eliminate this issue.
-
You can always handle Application_SessionStart and Application_SessionEnd to be notified when a session is created or ended. The HttpSessionState class also has an IsNewSession property you can check on any page request to determine if a new session is created for the active user.
-
Finally, if it's possible in your circumstance, I have used the SQL Server session mode with good success. It's not recommended if you are storing a large amount of data in it (every request loads and saves the full amount of data from SQL Server) and it can be a pain if you are putting custom objects in it (as they have to be serializable), but it has helped me in a shared hosting scenario where I couldn't configure my AppPool to not recycle couple hours. In my case, I stored limited information and it had no adverse performance effect. Add to this the fact that an existing user will reuse their SessionID by default and my users never noticed the fact that their in-memory Session was dropped by an AppPool recycle because all their state was stored in SQL Server.
I was having a situation in ASP.NET 4.0 where my session would be reset on every page request (and my SESSION_START code would run on each page request). This didn't happen to every user for every session, but it usually happened, and when it did, it would happen on each page request.
My web.config sessionState tag had the same setting as the one mentioned above.
cookieless="false"
When I changed it to the following...
cookieless="UseCookies"
... the problem seemed to go away. Apparently true|false were old choices from ASP.NET 1. Starting in ASP.Net 2.0, the enumerated choices started being available. I guess these options were deprecated. The "false" value has never presented a problem in the past - I've only noticed in on ASP.NET 4.0. I don't know if something has changed in 4.0 that no longer supports it correctly.
Also, I just found this out not long ago. Since the problem was intermittent before, I suppose I could still encounter it, but so far it's working with this new setting.
In my case setting AppPool->AdvancedSettings->Maximum Worker Proccesses to 1 helped.
Your session is lost becoz....
JUST MAKE SURE THERE ARE NO RUNTIME ERRORS, ANY FATAL EXCEPTION WOULD
KILL THE SESSION!
In Microsoft stack, Visual Studio - put Ctrl + Alt + E - All Exceptions ON, then run the code in Debugging mode. Any Fatal ones are THE reason for session loss..
You could add some logging to the Global.asax in Session_Start and Application_Start to track what's going on with the user's Session and the Application as a whole.
Also, watch out of you're running in Web Farm mode (multiple IIS threads defined in the application pool) or load balancing because the user can end up hitting a different server that does not have the same memory. If this is the case, you can switch the Session mode to SQL Server.
I was only losing the session which was not a string or integer but a datarow.
Putting the data in a serializable object and saving that into the session worked for me.
Had a problem on IIS 8 when retrieving Content via Ajax. The issue was that MaximumWorkerProcesses was set to 2 and Javascript opened 17 concurrent requests. That was more than the AppPool could handle and a new pool (without auth-data) was opened.
Solution was to Change MaximumWorkerProcesses to 0 in IIS -> Server -> Application Pools -> [myPool] -> Advanced Settings -> Process Model -> MaximumWorkerProcesses.
Dont know is it related to your problem or not BUT Windows 2008 Server R2 or SP2 has changed its IIS settings, which leads to issue in session persistence. By default, it manages separate session variable for HTTP and HTTPS. When variables are set in HTTPS, these will be available only on HTTPS pages whenever switched.
To solve the issue, there is IIS setting. In IIS Manager, open up the ASP properties, expand Session Properties, and change
New ID On Secure Connection to False.
I had same problem by losing sessions. every time , every page reload, my sessions clear and by new reload any page, my sessions returned by valid value...
i fixed it by change MaximumWorkerProcesses from 0 to 1 in iis
I was struggling with this issue for 14 days.
Here's what helped me:
Check your recycling options in App Pool > Advanced settings. Turn off all of the options so it won't recycle on its own.
Check your web.config file for the executionTimeout property under httpRuntime and increase its value.
Check your web.config file for the timeout property under sessionState and increase its value (I set it to 300 minutes).
Go to the server's event log and check the Application log for unhandled exceptions that may cause the worker process to crash. Fix them in your code or use try and catch to eliminate this crash.
Try changing the value of your maximum worker process from 0 to 1 or the other way around, this may also solve this issue.
In my case, session state was loosing due to Load Balancer. Session was storing in one server and Load balancer was redirecting next call to another server where session state was missing.
I have an ASP.NET web application that I can't modify (I only have the binaries). This application connects to a web service and it seems like the connection is closed from the client side (my web app). I have increased the "executionTimeout" in the machine.config of the destination server but my web app seems to still stop after waiting for a while.
Is there a way to increase the timeout time for my web application by simply modifying the web.config? As I said... I can't modify the timeout in the code so my only option would be through config files.
Thanks!
Try if this would work for you.
Firstly, you need to increase the timeout of the executionTimeout attribute of the httpRuntime element. Note that this is mentioned in Seconds unlike the other timeout attributes like the Session timeout and others.
<httpRuntime
executionTimeout="36000"
And moreover, this attribute takes effect only when you set the debug attribute of the Compilation element to false. This is also specified in the MSDN link that you mentioned. Like,
<compilation
debug="false"
../>
But this works in conjunction with the Session timeout. Yes, if the session times out , then an error would be thrown. and it wouldn't wait for the executionTimeout value to take effect. so you also need to set the Session Timeout to a higher value. And note that this is in minutes. which would look like,
<sessionState
mode="InProc"
timeout="360"
...
/>
And note that all of this would be overriden by AppPool recycling process. so you need to set the Idle Timeout value of the Apppool that your website uses to atleast same / higher value than the session timeout.
I found it here http://www.eggheadcafe.com/community/aspnet/17/10111748/how-can-we-increase-the-t.aspx
The default timeout of web application is 90 seconds which is usually more than enough for general purpose use. It is important to note where the timeout is coming from. Is it from the page itself or something in the page that is causing it. In either case, it would appear that the "the page" is timing out.
I stumbled upon this question as my page was timing out too. Found out the exception was coming from SQL (read the the actual error) so it was really SQL problem. Once I knew it, I could easily fix it.
In web.config file
<binding name="endpointname" sendTimeout="00:3:00" />
This will update timeout property to 3 minutes
I'm very confused when it comes to what actually decides the session time-out.
The web app needs to allow for a 20 minute "idle time" before logging (or throwing) users out. I've tried different setting on both sessionState and Recycle worker processes in IIS. The time-out remains too short and, as far as my quit-n-dirty, primitive tests have shown, a bit random.
I read somewhere that the default time-out is 20 minutes, but in my app it appears to be closer to five. Are there any easy ways to change this? The app is running .NET 3.5 on IIS 6.
EDIT:
I just realized that the Entity Framework might have something to do with the problem, as the user content is held as a context in the entity framework. Is there any time limit for how long an entity is held?
The user will be logged out based on your Authentication settings in the web.config.
The Session timout will be set in your session tag in the web.config.
If they are different then you will see "interesting" results.
http://msdn.microsoft.com/en-us/library/ms972429.aspx
If you look in the web.config you can write some thing like this
<configuration>
<sessionstate timeout="20" />
</configuration>
and there you can set you timeout..
Use the sessionstate timeout. You do not want to use Recycle Worker, as this will recycle all sessions associated with that worker, every N minutes. It's a good idea to set Recycle Worker to a very high value if you are using the session variable.
I have an ASP.NET WebSite which restarts in every 1-2 hours in a day so sessions and other thing are gone and users are complaning about it, because they open a page and do something for 20 minutes and when they submit it, a nice "we are sorry" page is there.
I don't do anything which restarts the application (changing the web.config, changing the files, or even other buggy things like deleting a folder in App_Data which normally shouldn't cause a restart).
Can it be related with Server's hardware? It is not much powerful.
I guess this is recycling.
App pools in IIS get recycled by default - either after a timeout, or after "n" hits.
This should be expected, and is part of the normal processing (although it can be disabled in the app-pool configuration; IIS6 | IIS7).
The fact that this breaks your app suggests that you are using a lot of things like in-memory sessions. Consider moving these to database backed implementations. Apart from withstanding both app-pool restarts and server reboots, this can allow you to scale the site to multiple servers.
Check this blog post about some possible causes for appdomain recycles. There are many possible causes.
If you are unable to fix the problem you could switch from in-process session state to eiter a session state server or to storing session state in a database. Both options are easy to set up and works quite well, but there is a performance impact (between 10-20% I think). There is a nice article here about how to setup a session state server.
Sounds like the app is being recycled or process is failing.
Check app pool settings http://msdn.microsoft.com/en-us/library/aa720473(VS.71).aspx
and event viewer.
Since you mention that your server is small, you might check to see if your worker process is consuming more memory that you have set in your processModel in machine.config. That can cause a reset.
Are you sure that the ASP.NET application actually restarts? Or do you think that it happens because of the lost Session and such?
What is your application's (and IIS') Session timeout variable? The default value of the timeout is 20 minutes, so that's why I am asking. You can set the timeout in your web.config as follows:
<system.web>
<sessionState timeout="120"/>
</system.web>
But apart from that, there are also places inside IIS itself where you can set it. In the case of IIS6 those places are:
Properties of a virtual directory > Home Directory (tab) > Configuration (button) > Options (tab) > Session timeout
Properties of a virtual directory > ASP.net (tab) > Authentication (tab) > Cookie timeout
I'm not sure whether or not both are actually needed, but I usually set both to the same value as I set it in my web.config.
Is there any indication of the cause of the restart logged in the Event Log?
Do you have any anti-virus software running on the server. A change to the web.config will cause your application to restart afaik so in some instances anti-virus software passing over the web.config might alter the attributes on the file which could be causing the reset.
Try disable any AV software or exclude the web applications directory from the AV auto scanning.