1

I have a web application (MVC 4 and .NET 4.5) on a web farm server and one thing is confusing me: my session ID changes without reason and strongly, and I lose all the user data that I stored in session state. But it works fine on my local machine.

I use this config in my web.config:

<sessionState mode="StateServer" customProvider="DefaultSessionProvider" 
 cookieName="abcd" timeout="120" >
  <providers>
    <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers,
     Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
  </providers>
</sessionState>

And my machine key is this:

 <machineKey compatibilityMode="Framework45"      
  validationKey="702C65CF39B1ED514AC4B92326C3A84B3D88990DDF784AA0895659B528ED95F8CA0A9CD1AF5ED92A2599362684CB8D204AC30D07E6BF0CF65194A5129" 
  decryptionKey="1C49E6BA2F9423387FBC91389A0C5C8D06B61875BCE4916A40474ED"
  validation="SHA1" decryption="AES" />

My session timeout is 120 minutes and I cannot find why this is happening to my web application. I use my log class to see what is happening in my web application and I'm sure the session ID is changing.

For example, when the user goes to another area, or when the user wants to pay by online bank payment, I redirect them to the bank page, and when the user is redirected back to my site from the bank in the same window (I do not open another tab or window to do this), the session ID has changed.

I store small data like the user ID in my session.

I use this syntax to store a value in the session:

HttpContext.Current.Session[System.Web.HttpContext.Current.Session.SessionID] = "abc";

And I read it with this syntax:

var myval = HttpContext.Current.Session[System.Web.HttpContext.Current.Session.SessionID];

It is as if the server does not use my config and does its own thing. I want to know: is it possible that some configuration is set on my farm server that causes it to ignore my config and use its own?

motevalizadeh
  • Have you checked this post: http://stackoverflow.com/questions/686873/allowing-session-in-a-web-farm-is-stateserver-good-enough ? – dove Aug 23 '13 at 07:07
  • I set all of the necessary configs on my site to isolate it, and my objects have the Serializable attribute. – motevalizadeh Aug 23 '13 at 07:11
  • Including this point: http://support.microsoft.com/kb/325056 – dove Aug 23 '13 at 07:18
  • @dove I think you are right and the web farm does this. That was a useful link, thanks for your help. – motevalizadeh Aug 23 '13 at 07:21
  • Don't show your validation key & decryption key publicly, they are supposed to be private. – Akash Kava Aug 23 '13 at 08:07
  • Also, in a farm, you should avoid using Session. First of all, you are doing a transaction and you are not recording it? Bank payments etc. are critical; you are supposed to log them for audit purposes. I would suggest creating a special table, PaymentTransactions, which can have a unique ID for every attempt, and you can store this ID in cookies, which will be the same for the entire farm. The benefit is that you will be able to audit them, and in case of a server crash you will not lose data. – Akash Kava Aug 23 '13 at 08:17
  • @Akash Kava, this is not the real code, this is sample code. Thanks for your solution. – motevalizadeh Aug 23 '13 at 08:23

2 Answers

1

To extend my comment: it looks like you have to configure your web apps correctly, as per the following Microsoft Support article:

http://support.microsoft.com/kb/325056

dove
-1

With server-side state management, if a client switches servers in the middle of the session, the new server does not necessarily have access to the client’s state information (because it is stored on a different server). You can use multiple servers with server-side state management, but you need either intelligent load balancing (to always forward requests from a client to the same server) or centralized state management (where state is stored in a central database to which all web servers have access).

  • Make sure you have the same MachineKey in all your web servers or else they can't share session data.
  • The objects you store in the session need to be serializable.
Ohlin
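One way to check the "same MachineKey on all web servers" point from the answer above, as an added example that is not code from the thread: it compares the machineKey and sessionState settings of each node's web.config and reports every setting that differs, showing keys only as short SHA-256 fingerprints so the key material is never printed. The node names (web01 to web03), the placeholder key values and the function names are constructed for illustration.

```powershell
# Constructed sample web.config content per farm node; key values are placeholders.
$Configs = @{
  web01 = '<configuration><system.web>
    <machineKey validationKey="PLACEHOLDER-KEY-A" decryptionKey="PLACEHOLDER-KEY-C" validation="SHA1" decryption="AES" />
    <sessionState mode="StateServer" cookieName="abcd" timeout="120" />
  </system.web></configuration>'
  web02 = '<configuration><system.web>
    <machineKey validationKey="PLACEHOLDER-KEY-B" decryptionKey="PLACEHOLDER-KEY-C" validation="SHA1" decryption="AES" />
    <sessionState mode="StateServer" cookieName="abcd" timeout="120" />
  </system.web></configuration>'
  web03 = '<configuration><system.web>
    <sessionState mode="InProc" cookieName="abcd" timeout="120" />
  </system.web></configuration>'
}

# Short SHA-256 fingerprint so key material never appears in output or logs.
function Get-KeyFingerprint([string]$Value) {
  if ([string]::IsNullOrEmpty($Value)) { return '<not set>' }
  $sha = [System.Security.Cryptography.SHA256]::Create()
  try { $hash = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Value)) }
  finally { $sha.Dispose() }
  ([System.BitConverter]::ToString($hash) -replace '-', '').Substring(0, 12)
}

# Reads the session-related settings from one node's web.config text.
function Get-SessionSettings([string]$Node, [string]$WebConfigXml) {
  $web = ([xml]$WebConfigXml).configuration.'system.web'
  $mk = $web.machineKey; $ss = $web.sessionState
  [pscustomobject]@{
    Node          = $Node
    ValidationKey = Get-KeyFingerprint $mk.validationKey
    DecryptionKey = Get-KeyFingerprint $mk.decryptionKey
    Validation    = "$($mk.validation)"
    Decryption    = "$($mk.decryption)"
    SessionMode   = "$($ss.mode)"
    CookieName    = "$($ss.cookieName)"
  }
}

# Emits one row per setting whose value is not identical on every node.
function Compare-FarmSessionConfig([hashtable]$Configs) {
  $rows = foreach ($node in ($Configs.Keys | Sort-Object)) { Get-SessionSettings $node $Configs[$node] }
  foreach ($f in 'ValidationKey','DecryptionKey','Validation','Decryption','SessionMode','CookieName') {
    if (@($rows | ForEach-Object { $_.$f } | Select-Object -Unique).Count -gt 1) {
      [pscustomobject]@{
        Setting = $f
        PerNode = ($rows | ForEach-Object { "$($_.Node)=$($_.$f)" }) -join '; '
      }
    }
  }
}

Compare-FarmSessionConfig $Configs | Format-Table -AutoSize -Wrap
```

With the constructed input, web02 is reported for a different validationKey and web03 for a missing machineKey element and a different session mode. For a real farm, fill `$Configs` with the text of each node's web.config, for example via `Get-Content -Raw`.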