1

I want to increase the session timing of my ASP.NET web App hosted in IIS 6.0. So, I changed the SessionState timing to 600 mins in web.config of the site. But it didn't work and my session times out like in an hour.(Session["myVariable"] == null)

<system.web> 
<sessionState timeout="600" />
  </system.web>

Now I tried setting the Timeout value in IIS website where this application is hosted by going to website -> Properties -> Home Directory Tab -> Configuration button -> Options tab and changin it to 600 mins, still no luck. The question here says that this is for classic ASP Pages but not for ASP.NET web sites. which means that I am doing it wrong.

Then I checked the app pool under which this application runs (app Pool->Properties-->Performance tab). This says "Recycle Worker Process(in minutes)" as 10 mins. I read many questions on SO but none of them gives a clear cut answer on how to increase the session timeout on ASP.NET WebApp.

I want to know the difference between these three settings and when to use which and how do we increase the session timeout of my webApp.

Programmerzzz
  • 1,237
  • 21
  • 48
  • 3
    Note the default [in-process session mode is not recommended for production applications](https://brockallen.com/2012/04/07/think-twice-about-using-session-state/) because it will recycle session every time the app pool recycles. To prevent this, use one of the [out of process session state modes](https://msdn.microsoft.com/en-us/library/ms178586.aspx). – NightOwl888 Jan 24 '18 at 05:55
  • So, you suggest to change the Session State mode completely I appreciate and agree with that completely , but that includes a lot of rework on the application as it was huge and was written long ago like 8 years back, and in the long run, we are planing to migrate to Angularjs so, putting huge effort now may not be worth it. Any other solution would be of great help to me. I thought this would be easy, seems like its not – Programmerzzz Jan 24 '18 at 06:00
  • Read the documentation. There is no "rework", it is only a single `web.config` configuration setting and setting up the state server (either in SQL server or as a Windows Service). – NightOwl888 Jan 24 '18 at 06:02
  • Apologies if i am not clear.I know its a small change in web.config.but i meant changing the way we access the session variables across the whole app is tedious and laborious. – Programmerzzz Jan 24 '18 at 06:05
  • Okay...do u have an example that i can look at? It would help me to get started – Programmerzzz Jan 24 '18 at 06:14
  • Another issue is session_end method may not be fired if we use stateserver mode..i do have some cleanup code in session_end method – Programmerzzz Jan 24 '18 at 06:16
  • True `Session_End` doesn't fire. So it looks like you will have a small amount of rework to find a better way to run that code than in `Session_End`. But it is a small price to pay for having session state that doesn't just disappear whenever the server decides. There is literally *no way* to make in-process session state 100% reliable. – NightOwl888 Jan 24 '18 at 06:25
  • So how do we detect session end if session_end dont fire..? – Programmerzzz Jan 24 '18 at 06:27
  • Reality is you are facing huge rework if switching from unreliable in-memory session state to persistent out-of-process state anyway. You are storing non-serializable objects in sessions state and fixing that would take significant effort. Loosing equally unreliable (i.e. unlikely to fire in case of process restart) will end up just a small concern . – Alexei Levenkov Jan 24 '18 at 06:31
  • See [Session_End() alternatives for SQL Server session state](https://stackoverflow.com/q/25543983/). If you use SQL Server, the session actually never times out. If you use the Windows Service, it may be possible to [use an HTTP Module for Session_End](http://www.codeproject.com/Articles/21156/ASP-NET-HttpModule-for-handling-session-end-with-S). – NightOwl888 Jan 24 '18 at 06:35
  • IMHO, my real question would be "what kind of "session" lasts 10 hours"? Then perhaps if you're going to do work (anyway), you can better manage the data persistence (what to persist, where, and for how long, for each "type" of data). – EdSF Jan 24 '18 at 06:52
  • @EdSF: This is a request System where user enters info by verifying another sheet which obviously takes time. In the code behing,we are using sessoin variables to store some of the info and save it to DB. Since the user takes easily >20 mins, and sometimes hours in entering info on the page, we decided to extend the session to avoid the errors in code behind as I said. Thus we agreed upon 10 hours as theworst case time and when trying to update the session time correspondingly, I am still getting timeout well before than 1 hour. – Programmerzzz Jan 24 '18 at 14:45
  • @Programmerzzz sure, I get that. It would be similar to persisting a user's shopping cart for _days_ ready for checkout, _without_ relying on `sessions`. So knowing what _can_ be persisted, _where_ enables such. Can't define that for you, that would be based on your business rules. Hth. – EdSF Jan 24 '18 at 18:13

1 Answers1

1

The timeout you set in your web.config is the session timeout. It controls how long each 'session' of your web app needs to wait before expiration. Let's say one user logs in to your app and does nothing for 20 minutes and then clicks a button, he will be logged out and needs to login again (assume session timeout is 20 mins). Any other users who were continuing their work won't be affected.

App pool recycling is a different thing. It's a setting which kills and restarts the worker process in IIS as instructed. So if you have it set for 10 minutes, it's like you are restarting IIS every 10 minutes. So all sessions in apps which uses that app pool will get expired unless you have sessions state saved elsewhere.

There is another setting in app pool, which is the idle timeout. It's also set in minutes and it also terminates the worker process if there are no requests for that time period. If you have only your app running in IIS, then you should increase this value as well, along with your session timeout value in web.config. Otherwise even though ASP.NET likes to keep its sessions for long, the app pool won't.

This setting is found in app pool -> advanced settings -> process model

Ε Г И І И О
  • 11,199
  • 1
  • 48
  • 63