0

I use session base authentication in my asp.net MVC website. Any time users that already using website will be logout in short time, cause of changing session id automatically, and it make trouble for them.

How can i stop session id changing?

in this pic you can see log of an user activities. sql user loges

ehsanHB
  • 119
  • 1
  • 10
  • Most likely, your sessions are expiring before the users's logout ticket. Increase the timeout of your session state - https://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate.timeout(v=vs.110).aspx – Tommy Nov 08 '17 at 14:34
  • i got the log of all events and i see that session id changed but session time still alive because i config my session time to 50min, so after changing, user can not continue his works,and he get access deny, however original session id is still exist,but its not for current user – ehsanHB Nov 08 '17 at 14:43
  • Are you on a web farm / using shared hosting? – Tommy Nov 08 '17 at 17:37
  • Yes.I use a web farm – ehsanHB Nov 09 '17 at 08:31
  • Ok - that explains why your session id is "randomly" changing. By default, sessions run inside the server they were created on. Having multiple servers means the you have to use a different method to store your session information. Have you setup your session state so that it can be shared across the servers in the web farm such as using SQL Session State? https://stackoverflow.com/questions/686873/allowing-session-in-a-web-farm-is-stateserver-good-enough – Tommy Nov 09 '17 at 12:09
  • No, i used just inproc mode in session. – ehsanHB Nov 11 '17 at 05:33
  • On a web farm, `InProc` sessions are **not** shared among the servers. You need to use something other than `InProc` such as `SqlServer Session State provider` that can be shared among your web servers. – Tommy Nov 11 '17 at 14:31
  • i don't need share session among the server. i just need a session correctly work in a website in hosting (don't change session of my user periodic in 5 min, 10 min, ...). i can't find reason of this behavior. – ehsanHB Nov 16 '17 at 08:15
  • i was add a pic of user activities log in the question. please check that – ehsanHB Nov 16 '17 at 08:25

1 Answers1

0

this problem happened when in any redirect of my website, redirect between "http://www.blabla" and "http://blabla". when change user URL requested, changed his session id and ... i modify my code and use just "http://www.blabla" in my redirects.

ehsanHB
  • 119
  • 1
  • 10