Why do I lose my Session Variable in 5 minutes? - asp.net

I have a web page where the user select a Company and with that I keep the Company name in memory though a Session but when I go to the next page the Session only last like 5 minutes?
Any reason why and how I can fix this, I did extend the Session state in the Web.config but that did not work.
Example: Session("CompanyName") = "Bytes Technology"
In my web.config I have:
timeout="40" />
I move from Default.aspx to CompanyDetail.aspx with my Session("CompanyName")
But if I let the program idle in CompanyDetail.aspx I lose the Session State.
Any ideas?
Regards
Etienne

from your comment I see that you think your site is in a load-balancing server farm.
in this case you need to store your session in db or avoid using it: you cannot be sure that the same server will serve the same user each time he does a postback, and if the user goes from server "A" to server "B" in two different posts... your session variables are lost.
try a google search for "sessionstate database", you'll find tons of stuff on this.
hope this helps
andrea

some questions:
the timeout time is always the same? 5 minutes?
is your site running in a load-balancing server farm? with more than one front-end server?
what are you telling in your web.confing regarding sessions and sessionstate?

I'd wager your not using a load-balanced farm, and are actually using shared hosting.
In a load balanced farm, your code is deployed to multiple servers, and if you have sticky sessions disabled, the user will utilize the server with the least load on each request.
Since you are using 3rd party hosting, I heavily doubt you are doing that.
Session timeout can be hardset in IIS by the host provider, and the most likely culprit is that they have set this to 5 minutes.
Call your host provider, ask them what their IIS session settings are, and go from there.

In IIS, go into the properties of your website, click to the Home Directory tab and then click the Configuration button. Here, click the options tab and check the Session timeout there. I'm pretty sure this only effects classic ASP, but I'm not 100% sure.

If this happens always at 5 minutes then check web.config for session settings, and check IIS: website/Properties/ASP.NET, click on Edit Configuration, select State Management tab, and check session settings.

could there be some antivirus on the server that's causing the web app to reset itself every 5 minutes, with the ASP.NET runtime thinking either the binaries or the web.config has changed? that is also possible.

Another idea is to put the machine name into a comment on a page and see if that is changing from page to page just to confirm that there is a changing of the server handling the request.

thank you everyone for all the information. The company hosting my site just extended the time of the application pool and that worked!
Thanks
Etienne
http://www.erate.co.za

I decided to scrap using Session Variables and went with Query Strings!! Much better!!

Related

Asp.NET Sessions dropping with "In Process" setting. Can someone clarify some things for me?

I have a web application that appears to be randomly dropping ASP.NET sessions. This application is hosted across four servers along with a load balancer. I have looked at the Session State settings in IIS7 for the site's virtual directory. Each server has this set to "In Process". From some reading I have done, it looks like this means the session data is only held on a single server, and if the load balancer switches the server on that user, the session will get dropped. Is this correct?
Articles that I have read also state that if using "In Process" when hosting on multiple servers, you should be using something called "Sticky Sessions", but don't go much into detail about it. How I can check to see if "Sticky Sessions" are being used? Is this an IIS7 setting, something unique to the load balancer, or something totally different?
This is just my theory, so I am also wondering if there are some other indicators I should look into before I can draw the conclusion or eliminate the possibility that the load balancer/IIS settings are the issue.
I've checked into the Event Viewer and I don't think this is happening due to any recycling of AppPools or IIS itself.
Yes, you are right, when another server is hit in one of next requests, there is no data.
Sticky sessions are handled by the balancer. It could stick clients by their ip or issue a stick cookie. Depends on the actual balancer and now it is configured. In NLB this was called "session affinity".
Another common workaround would be to configure your session to a sql server mode but sounds like you are aware of this possibility and you don't want to go that way.

Increasing Session TimeOut

Site hosted via IIS 7.0
I would like to set my session time-out to 9 hours in my ASP.NET application.
This has been set at web.config
<sessionState timeout="540"></sessionState>
But, as I understand, if the timeout is set as 20 minutes inside the IIS where the website is hosted, setting an extended session state will be of no use.
Firstly, I would like to confirm whether this assumption is right.
The problem is that I do not have access to the IIS of my shared hosted web server.
Now, after some research, I came up with another solution in code project. This sounds like a wonderful idea. The idea is to insert an iframe to master page. The iframe will contain another page with meta refresh less than 20 minutes.
Response.AddHeader("Refresh", "20");
This idea seemed good for me. But the article is 7 years old. Plus at comments section a user complaints that this won't work if the page is minimized and I am worried that the same happens when my pages tab is not active.
I would like to know these things
Whether the refresh method will work for my scenario , even if the page is minimized?
Are there any other methods that could increase session time out that overrides IIS timeout setting?
Also I read some questions in Stack Overflow where the answers state that the IIS session timeout is for clasic ASP pages. Then why is not my extended timeout not firing?
Firstly, I would like to confirm whether this assumption is right.
Yes, this assumption is absolutely right in case you are using in-memory session state mode. In this case the session is stored in memory and since IIS could tear down the AppDomain under different circumstances (period of inactivity, CPU/memory tresholds are reached, ...) the session data will be lost. You could use an out-of-process session state mode. Either StateServer or SQLServer. In the first case the session is stored in the memory of a special dedicated machine running the aspstate Windows service and in the second case it is a dedicated SQL Server. The SQL Server is the most robust but obviously the slowest.
1) Whether the refresh method will work for my scenario , even if the page is minimized?
The hidden iframe still works to maintain the session alive but as I said previously there might be some conditions when IIS unloads the application anyway (CPU/memory tresholds are reached => you could configure this in IIS as well).
2) Are there any other methods that could increase session time out that overrides IIS timeout setting?
The previous method doesn't increase the session timeout. It simply maintains the session alive by sending HTTP requests to the server at regular intervals to prevent IIS from bringing the AppDomain down.
3) Also I read some questions in Stack Overflow where the answers state
that the IIS session timeout is for clasic ASP pages. Then why is not
my extended timeout not firing?
There is no such thing as IIS session timeout. The session is an ASP.NET artifact. IIS is a web server that doesn't know anything about sessions.
Personally I don't use sessions in my applications. I simply disable them:
<sessionState mode="Off"></sessionState>
and use standard HTTP artifacts such as cookies, query string parameters, ... to maintain state. I prefer to persist information in my backend and retrieving it later using unique ids instead of relying on sessions.

ASP.NET Why are sessions timing out, sessionstate timeout set

Hey I have the following line in my web.config
<sessionState mode="InProc" timeout="45"/>
Which I thought would keep sessions intact for 45 mins
But I have seen the case where if a user is inactive for lets say 15 mins the sessions times out.
How can I stop this ?
Edit : Just noticed I have the following line in the master page
meta http-equiv="Refresh" content="1800;URL=http://www.virtualacademy.ie/login.aspx">
Maybe this is causing the issue, what is the above line doing i.e the number 1800
Be sure to check your IIS configuration because the application pool that your site is hosted on also has its own timeout value which will override your own .config.
To increase it,
Open IIS
Select Application Pools on the left side
Select the Application Pool used by your site
Choose advanced settings
Under Process Model categtory increase the 'Idle Time-out' value to the desired length.
Hope this helps.
(If you do not have a dedicated server / access to IIS with your hosting provider you will have to contact them to see if they can increase it for you)
If the user closes their browser or clears cookies, or if the AppDomain on the server is recycled, the session state will be lost.
Have you checked logs to see if the app is recycling?
AppDomain recycles are a very common problem for this if the sessionState is InProc. It is very much advised to use a StateServer or SQLServer for production systems instead. See Session-State Modes for documentation on how to use each, and the pros and cons of the three different types.
Personally, we use SQL Server if we must for web server farms--slower but can be shared. We use State Server if the site will only be hosted on a single web server--state survives AppDomain restarts, but not entire server restarts.
Also, in the past we have used an AJAX post in the background while the user is watching long running videos or performing long client-side tasks, so that the session timeout gets reset every few minutes. Nothing special about this code--just have a little JavaScript hit every few minutes some ASPX page that returns nothing.
Are you using Forms Authentication? It has its own timeout setting that when expires will redirect the user to your login page even if their session is still valid.

ASP.NET Application Restarts Too Much

I have an ASP.NET WebSite which restarts in every 1-2 hours in a day so sessions and other thing are gone and users are complaning about it, because they open a page and do something for 20 minutes and when they submit it, a nice "we are sorry" page is there.
I don't do anything which restarts the application (changing the web.config, changing the files, or even other buggy things like deleting a folder in App_Data which normally shouldn't cause a restart).
Can it be related with Server's hardware? It is not much powerful.
I guess this is recycling.
App pools in IIS get recycled by default - either after a timeout, or after "n" hits.
This should be expected, and is part of the normal processing (although it can be disabled in the app-pool configuration; IIS6 | IIS7).
The fact that this breaks your app suggests that you are using a lot of things like in-memory sessions. Consider moving these to database backed implementations. Apart from withstanding both app-pool restarts and server reboots, this can allow you to scale the site to multiple servers.
Check this blog post about some possible causes for appdomain recycles. There are many possible causes.
If you are unable to fix the problem you could switch from in-process session state to eiter a session state server or to storing session state in a database. Both options are easy to set up and works quite well, but there is a performance impact (between 10-20% I think). There is a nice article here about how to setup a session state server.
Sounds like the app is being recycled or process is failing.
Check app pool settings http://msdn.microsoft.com/en-us/library/aa720473(VS.71).aspx
and event viewer.
Since you mention that your server is small, you might check to see if your worker process is consuming more memory that you have set in your processModel in machine.config. That can cause a reset.
Are you sure that the ASP.NET application actually restarts? Or do you think that it happens because of the lost Session and such?
What is your application's (and IIS') Session timeout variable? The default value of the timeout is 20 minutes, so that's why I am asking. You can set the timeout in your web.config as follows:
<system.web>
<sessionState timeout="120"/>
</system.web>
But apart from that, there are also places inside IIS itself where you can set it. In the case of IIS6 those places are:
Properties of a virtual directory > Home Directory (tab) > Configuration (button) > Options (tab) > Session timeout
Properties of a virtual directory > ASP.net (tab) > Authentication (tab) > Cookie timeout
I'm not sure whether or not both are actually needed, but I usually set both to the same value as I set it in my web.config.
Is there any indication of the cause of the restart logged in the Event Log?
Do you have any anti-virus software running on the server. A change to the web.config will cause your application to restart afaik so in some instances anti-virus software passing over the web.config might alter the attributes on the file which could be causing the reset.
Try disable any AV software or exclude the web applications directory from the AV auto scanning.

Can you programmatically change session time out in ASP.NET?

Can it be done or the only way is to configure it on IIS?
You edit generally the Global.asax file's Session_Start method and set Session.TimeOut to whatever you want. You can do this anywhere else in your code too.
you can, but it will not override the IIS settings (by default 20 minutos) if you are in a Shared Hosted environment.
what I do is apply the use of SQL Sessions, it will turn the web application a little more slow, but you have total control of the sessions and if you update something to the application and the Compiler needs to re-compile the resources/classes again, the user will not be logged out.
Sessions will be kept in a special table of the SQL database.
If your in a hosted environment and your not allowed to override IIS default session timeout (as others have mentioned in the comments), you can trick IIS into keeping the session alive for longer by using an iframe that refreshes the session over and over (kind of like a keep alive ping) for whatever interval of time you need. I had this situation and used this approach
ASP.NET Push Redirect on Session Timeout

Resources