0

I have a problem with my ASP.Net MVC application. I have the following in my web.config:

  <authentication mode="Forms">
    <forms loginUrl="~/Login" timeout="525600" />
  </authentication>
  <sessionState mode="InProc" timeout="525600" />
 <machineKey validationKey="" decryptionKey="" validation="SHA1" decryption="AES" />

And this in my Global.asax

    public void Session_OnStart()
    {
        Session.Timeout = 525600;
    }

Still some times it works fine but sometimes the session runs out after just 3 - 5 minutes. What am I missing. Is there anything I can do to make session last longer. Thank you

UPDATE

Some of you suspected that the problem was recycle time but on my production server I don't have the rights necessary to change recycle time to test that. In the end I fixed it by manually saving session data in database and then when web session expires get data needed from database and put them back in web session.

Thank you for all of your help.

Naruto
  • 97
  • 13

3 Answers3

0

since you set mode to 'inproc' and as you mentioned it works for sometimes and sometimes doesn't work so your application maybe recycled causing your sessions to be restarted

so first make sure that no other code change the session timeout

make sure that application isn't recycled.

Hasan Elsherbiny
  • 598
  • 2
  • 14
  • 31
0

There are a number of other ways the session could 'expire', e.g.:

  • User on multiple tabs - logs out on one tab, returns to the other later and expects it to work.
  • Changes on the server side code could cause the session to be cleared on the server.
  • Code on the server runs in a web farm (multiple machines) - this can be problematic for 'InProc' sessionstate.

InProc on web farms

If you are on a web farm and your machine keys haven't been set up to match in the web.configs, then your logout might be due to the request going to another server (where the auth cookie won't decrypt and thus be un-authenticated).

InProc doesn't work well in a webfarm situation. You need to choose another method (SQL Server session state being the other built in option) which will take the session storage to a different location. There are other 3rd party options for storing the session state on a central machine.

Paddy
  • 33,309
  • 15
  • 79
  • 114
  • You say that InProc can be problematic for web farm any ideas how to solve it? – Naruto Jun 07 '17 at 09:06
  • I have a machine key set in my web config are there any other issues? – Naruto Jun 07 '17 at 09:22
  • @Naruto - it's not just the machine key. Your session state is being stored in memory on the server you hit. If you get routed to another machine, it won't exist on that server. Depending on how you have this coded, this could be your issue. – Paddy Jun 07 '17 at 09:29
  • You say that it depends how I have this coded do you have any suggestions how could I code it right? The reason I am asking this question is because I am trying to avoid changing session state mode if possible. – Naruto Jun 07 '17 at 09:32
  • Sorry, depends on how you use whatever you put in session. The takeaway here should be that if you are using a webfarm and round robin style routing, InProc session state will not work for you. – Paddy Jun 07 '17 at 10:19
0

Old question but I forgot to officially answer it. We switched to a new server and there was no problem anymore so I never exactly figured out what the cause of the problem was. Before switching to a new server to deal with the problem I made a fail safe which stored the session in database as well as InProc. This way if session was not found in memory first I would check the database and get data from there if it existed. Thank you for help everyone.

Naruto
  • 97
  • 13