0

We have an asp.net application which uses

1) In proc sessionstate management and

2) Forms authentication

Both the session state and forms authentication timeouts have been set to 20 minutes. Forms authentication has been set to sliding expiration true. 

<system.WebServer>
  <handlers>
     <remove name="KeepAlive" />
     <add name="KeepAlive" verb="GET" path="AJAXKeepAlive.ashx" 
          type="IRCoder.AJAXKeepAlive" preCondition="integratedMode"/>
  </handlers>
</system.WebServer>

<authentication mode="Forms">
     <forms name=".Auth" loginUrl="Login.aspx" slidingExpiration="true" 
             protection="All" timeout="20"></forms>
</authentication>
<sessionState cookieName="ssid" mode="InProc" cookieless="false" timeout="20"/>

I have a keep alive handler which is called on the master page every page refresh. 

public class AJAXKeepAlive : IHttpHandler, IRequiresSessionState
{        
    public void ProcessRequest(HttpContext context)
    {
        context.Session["KeepAlive"] = DateTime.Now;            
    }

    public bool IsReusable
    {
       get
       {
          return false;
       }
     }
}

In Master page:
$.get("<%=ResolveUrl("~/")%>AJAXKeepAlive.ashx");

Problem: When am debugging in my local using visual studio iis express, session_end method in global.asax.cs is always called at the end of 20 minutes automatically even when am refreshing the page several times.

My assumption is that when I make a trip to the server/IIS session timer will be reset and it will only expire when there is 20 minutes of inactivity. This is not the case. I have been very active on the site but still the session_end method is called.

Things I've tried:

I've hosted the application on IIS in our dev server. I have set the IIS session timeout property to be 30 minutes. I have also updated the IIS application pool Idle Time-out minutes to be 30 minutes.

Even in this case, session ends in 20 minutes.

I am unable to have the session slide as it normally should after every page request. Any pointers here is much appreciated.

Solution/Edit:

After researching for a long time, we found that the regeneration of session id while the user is logging in is causing the problem.

Further Update:

I was able to resolve this issue completely. Please use the c# code in the link below: https://stackoverflow.com/a/56391868/3189880 There are other answers in that page but the one that works is the one where the oldId is removed rather than the releasing it. Again only remove the item from store but not release it.

Sriharsha M
  • 1
  • 2
  • Did you check out this page before? Maybe there is something which might be of help to you : http://www.dedicatedsqlserver.com/HowTo/IIS_Timeout.aspx – AntiqTech Sep 26 '19 at 20:50
  • @AntiqTech that link basically says to update application pool timeout. I have already tried that. – Sriharsha M Sep 26 '19 at 20:54
  • There is something similar to what you have. slidingexpiration = true is not working. : https://stackoverflow.com/questions/49254434/form-authentication-slidingexpiration-does-not-work – AntiqTech Sep 26 '19 at 20:58
  • Looked at it.. In my case, form authentication cookie hasn't expired and the cookie is active. It is only that at the end of 20 minutes, session_end is automatically invoked in global.asax.cs. Normally, if am refreshing the page within the 20 mins time session time should automatically get reset. In my case am not sure why the code block reaches session_end – Sriharsha M Sep 26 '19 at 21:27
  • In the following link, they talk about the postsbacks within an iFrame would not be affecting the session timeouts. Do you ,by any chance, create session control inside an İFrame? https://github.com/kennethscott/ASP.NET-Session-Timeout-Control/issues/2 – AntiqTech Sep 26 '19 at 21:39
  • 1
    I was able to identify the issue. Sometime back we have implemented a code to regenerate session id after the user logs in https://stackoverflow.com/questions/5502435/regenerate-sessionid-in-asp-net this is somehow causing the issue. I have reverted the code to the old version of constant session id. Sessions are working fine as normal. – Sriharsha M Sep 26 '19 at 22:47
  • 1
    @AntiqTech Thank you so much for your time on this. Now, I need to figure out how to get the newly generated session id to work well.. – Sriharsha M Sep 26 '19 at 22:49
  • I'm glad to hear that you were able to get to root cause. Good luck with the next part :D – AntiqTech Sep 27 '19 at 11:39
  • 1
    I was able to resolve this issue completely. Please use the c# code in the link below: https://stackoverflow.com/a/56391868/3189880 – Sriharsha M Sep 27 '19 at 16:44

0 Answers0