3

I have an application that has been developed and installed on a server. Then, we needed to install the same app on another webserver, starting from the migration we started finding several problems.

Currently the application users are getting logout without any reason (no errors, just logout). This is the Web.config, I've also set the sessionState timeout="1800" but after 2 minutes of inactivity I'm kicked out.

I'm not able to debug it on the server because the service provider doesn't have debug tools, moreover I'm not a .net developer and I'm not able to find any solution. Looking at the microsoft documentation I didn't find anything, the log doesn't report errors or memory limits.

What can I do? I can give to you all you need to understand or help me to find a solution for this issue, just ask me.

Thanks!

  • 5
    What are you using to authenticate - is it bog-standard Forms Authentication? What is the cookie timeout set to in the `authentication` section of `web.config`? – Tim Rogers Apr 23 '12 at 13:29
  • 2
    Check the Application pool recycling options [here](http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/1eee28e2-b319-4b4e-8267-a8c0aa0dcf36.mspx?mfr=true) – Shai Apr 23 '12 at 13:30
  • Check out the many suggestions in the answers to [this question](http://stackoverflow.com/questions/648992/session-timeout-in-asp-net) – DOK Apr 23 '12 at 13:40
  • The Web.config I'm using is the one I linked above. I'm not sure what kind of authentication we're using. Actually it seems that setting the sessionState timeout keeps the users logged in correctly... I'm investigating if this issue is happening again... –  Apr 23 '12 at 14:15
  • Are you migrating from one server to another, or are you adding a second server for load balancing? If it's the latter, you need to use a state server for your session. – joelt Jun 06 '13 at 15:44

2 Answers2

1

There are two things you can do in order to resolve this issue. Well only If( you have your form authentication and other properties are set correctly).

  1. Create a Machine Key in your web.config.
  2. Change the App Pool Process Idle time to higher limit. By default its 20 minutes.

When the process stays idle for more than 20 minutes, it kills the worker process and as well as regenerate the machine key. While the existing cookie on client machine is encrypted with older machine key. As it wont be decrypt using the new machine key that is recently got generated, the user will be send to login page to re-enter the credentials and so does to create new persistent cookie.

Saurabh
  • 79
  • 1
  • 10
0

Your web.config is setup to use a SessionID stored in a cookie. Use your web browser Developer Tools to verify the timeout of the ASP.NET_SessionID cookie. The next time you are kicked out the cookie may no longer be there.

Looking at your web.config you don't appear to be using ASP.net authentication. If you were it would look something like this.

<authentication mode="Forms">
   <forms name="appname" defaultUrl="Default.aspx" loginUrl="Login.aspx" 
       protection="All" path="/" timeout="480" slidingExpiration="true"/>
</authentication>

Mode could be set to Windows|Forms|Passport|None. Yours is set to None. You may still be using authentication but that would have to be set in IIS.

Andre Oporto
  • 1,236
  • 9
  • 8