We have a WebForms application that is installed at our customer:
- .NET Framework 4.51
- InProc Sessions (using Cookies)
- Integrated pipeline mode
- IIS 8.5
- SSL
The problem
We have a problem with the session suddenly being re-created by the webserver. This is happening from time to time when an postback is made to an aspx-page. (The Session.IsNewSession property is set and all previous session data is lost. The ASP.Net_SessionId cookie does not change nor does the sessionId). The problem is not specific to a browser. (tested with IE, Chrome, Firefox)
EDIT: I can now also confirm that when this occurs, not only the session of the executing user is recreated, but the session for all other active users are also recreated.
I can neither reproduce this behavior while debugging with VisualStudio nor with my local IIS server.
What I've tried / tested
- Checked the IIS settings for session timeout (Timeout = 20min, but the session is lost on a postback after ~ 5 seconds)
- App-Pool recycling is set to default values (1740 minutes)
- All requests are made using https:// (so no switching between http / https)
- Activated recycle-logging -> As far as I can see there is no app-pool-recycling when this is happening (No logs, no process-ID change, ...)
What could cause this problem?
EDIT 2: I'm now sure, that the problem is IIS 8.5. The same code running in IIS 7 does not have this problem.
The workaround
This answer solved a similar issue by setting the application pool to 'Classic' instead of 'Integrated'. I've now modified the application in a way that it can also run in 'Classic' mode and the problem is gone. I'm still looking for the cause and a "real" solution that will allow me to run the application in 'Integrated' mode. So any suggestions are still appreciated.
