2

I made a simple GET that loops 10 times and waits 1 second each iteration to simulate work. When I call this route from one tab in Chrome, it takes 10 seconds (as expected). When I call this route simultaneously (from 2 different tabs), the first tab takes 10 seconds to complete but the 2nd tab takes 20 seconds.

If I make my second tab an incognito tab, both requests return in 10 seconds when run simultaneously. I also noted that if I have 2 different controllers (and 2 different routes), simultaneous requests from 2 non-incognito tabs return at the same time.

Can someone explain why multiple requests to the same controller are handled synchronously?

EDIT: The site is self hosted at the moment in IIS

Thelonias
  • 2,918
  • 3
  • 29
  • 63

1 Answers1

6

ASP.NET uses session-state locking to ensure that only one request is ever being handled on the same session at a given time. This helps to prevent race conditions around the session state.

You can get better concurrency by using the SessionStateAttribute to tell ASP.NET that you don't plan to write to the session state.

See this article or this article for more information.

Update

Since you're using an ApiController, the aforementioned behavior probably doesn't apply. However, browsers will further limit concurrency, as explained in the answer to this post.

Community
  • 1
  • 1
StriplingWarrior
  • 151,543
  • 27
  • 246
  • 315
  • So, I'm assuming that if all of my controllers inherit from a base controller (I've abstracted out controller-specific caching into a base controller), the session-state lock would be why calls to these controllers are handled 1 at a time? Is there a way to turn off the session-state locking? – Thelonias Dec 03 '13 at 16:24
  • Thanks for the update...one thing though. The linked article says that one way to deal with the exclusive locking is to "Use a REST-like service like ASP.NET WebAPI or WCF REST. Because REST is stateless by nature, using session state is prohibited." I'm using WebAPI (these are ApiControllers) and I'm still affected. Should I still explicitly mark the controllers with the SessionStateAttribute? – Thelonias Dec 03 '13 at 16:34
  • @Ryan: That's a good point. I think ApiControllers don't have access to the session. Most browsers, however, voluntarily limit the number of concurrent requests to the same domain (usually 2 or 3). Can you use your browser's dev tools to see if that would explain the level of concurrency you're getting? – StriplingWarrior Dec 03 '13 at 16:41
  • I tested 2 connections simultaneously from Chrome and was restricted to 1. I did the same test in IE and was able to make get the results at the same time. So, it looks like all along the browser was restricting calls to the same route when using the same session. – Thelonias Dec 03 '13 at 16:53
  • @Ryan: That's interesting. I wonder if Chrome wants to see whether the result will be cacheable before sending out another request. What happens if you add a cache-busting query parameter to the request? – StriplingWarrior Dec 03 '13 at 17:30