8

I have an ASP.NET MVC 4 web application. Running locally, it works fine, but on the web host (which uses shared hosting), the logged on user is frequently logged out by being redirected back to the home page. In most cases, the user is logged out after performing only a few actions.

The web host suggested that my application could be using up too much memory but I used a program to profile the memory usage and I confirmed that it wasn't using excessive amounts of memory - in fact the application seems to use a fraction of the allocated memory on the web host.

Here is the logon method that is used: 

    public static Boolean Login(string Username, string Password, bool persistCookie  = false)
    {

        bool success = Membership.ValidateUser(Username, Password);
        if (success)
        {
            FormsAuthentication.SetAuthCookie(Username, persistCookie);
        }
        return success;
    }

In my web host, the forms authentication timeout is set to 60 minutes, so that shouldn't be an issue, right? 

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="60" />
</authentication>

and my session state timeout value is also set to 60 minutes: 

<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="60">

Based on the answer here, I added this line also, which didn't seem to solve the issue: 

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps"></machineKey>

Any ideas to what the problem might be and what I can do to solve the problem?

Community
  • 1
  • 1
Ciaran Gallagher
  • 3,895
  • 9
  • 53
  • 97

2 Answers2

2

Your sessions are not timing out. The IIS is crashing. Since you are using in memory sessions, every time IIS crashes, your sessions are gone and the user gets logged out. You should check the server's event views and look into details of errors to find out what the error is.

Sparrow
  • 2,548
  • 1
  • 24
  • 28
0

I set my timeout to 2880 in the authentication timeout for web.config and I also set the sessionState before closing system.web

<sessionState timeout="1440"></sessionState>

This will keep the session active for 24 hours.

PW Kad
  • 14,953
  • 7
  • 49
  • 82
  • 3
    I have both set to 60 currently, which I understand is 60 minutes, which should be more than enough time. I increased the timeout value to a larger number to see if that would make any difference... but it doesn't. – Ciaran Gallagher Apr 30 '13 at 20:23
  • How long is it before it times out, or does it appear to be coming from a specific page or controller? – PW Kad Apr 30 '13 at 20:42
  • I'd say it the user session remains valid for no longer than 1 or 2 minutes... sometimes more, sometimes less. It doesn't seem to matter which controller is being invoked. – Ciaran Gallagher Apr 30 '13 at 21:31
  • How does this differ from the `timeout` attribute on the `forms` tag (sub-tag of `authentication` in `system.web`?) – ashes999 May 14 '13 at 21:03
  • http://stackoverflow.com/questions/1470777/forms-authentication-timeout-vs-session-timeout – PW Kad May 14 '13 at 21:16