2

My application's session is ending abruptly and don't see any error being generated in Application_Error in Global.asax. Also, the Session_Start event fires but not Session_End. It happens after I host the application on a server and does not happen on my dev machine.

The steps to generate this auto exit is to switch between pages that load and display a list of objects (Client, Managers, etc). After about 30-40 seconds of activity, the user is logged out and Login screen is displayed. Any ideas what could be going wrong behind the scenes?

Web.Config has the following settings for session and authentication:

<sessionState timeout="60" mode="InProc" cookieless="false"/>

authentication:

<forms name="XXX.AUTH" loginUrl="~/login.aspx" protection="All" timeout="60" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="~/default.aspx" enableCrossAppRedirects="false"/></authentication>
A9S6
  • 6,575
  • 10
  • 50
  • 82

5 Answers5

3

Are you hosting on a shared hosting environment (i.e. from a hosting provider like GoDaddy)? They may be recycling the IIS worker process every minute or so, in which case you'd lose your session information. You'd have to use some type of out-of-process session state such as a state server or Sql State Server to avoid that.

Here's the MSDN article on it.

Jason
  • 8,400
  • 10
  • 56
  • 69
  • You mean mode="stateServer"? Yes its a shared hosting environment. If I use stateServer, I need to specify the server:port settings, where can I get those from? Do I also need to configure the IIS/Server then? – A9S6 Jul 14 '11 at 15:12
  • Yes, you can use mode="stateServer" or mode="SQLServer". Who is your host? I fairly confident GoDaddy doesn't support this because I ran into it [earlier](http://stackoverflow.com/questions/6092249/does-godaddy-support-asp-net-stateserver). – Jason Jul 14 '11 at 15:14
  • Its a client's site (I only have FTP access to it) and I am not sure about the provider but with a whois search "ns1.microsoft2008hosting.com" comes up and "microsoft2008hosting.com" is inactive. – A9S6 Jul 14 '11 at 15:20
  • try using the following web.config settings to test this quickly: See if it times out when you do this (temporarily) – Jason Jul 14 '11 at 15:21
  • Tried. Same problem, was logged out. – A9S6 Jul 14 '11 at 15:25
  • If I use "SQLServer" mode, do I need to create specific table inside SQLServer or any other specific configuration? Is it tricky I mean? – A9S6 Jul 14 '11 at 15:32
  • Marked as answer: I confirmed with client's provider (re-invent) and they tweaked the app pool assigned some more resources to it --after which the issue was gone. – A9S6 Jul 19 '11 at 15:29
1

Have you checked if the Application Pool for the website is recycling? If that happens the App would be stopped dead in it's tracks. Further many applications run in an application pool, it is possible another app is crashing the pool and taking your app down with it.

Bobby Borszich
  • 11,639
  • 9
  • 37
  • 35
  • How can I check that? I have FTP access to the site, maybe I need access to the admin console? – A9S6 Jul 14 '11 at 15:13
  • Can you RDP into the server? if so then you can check it ... in shared hosting you don't really have a way to check this with out contacting support – Bobby Borszich Jul 14 '11 at 15:17
  • No, I can't RDP --its shared hosting. – A9S6 Jul 14 '11 at 15:21
  • not likely they are having a crash they are unaware of. Is it possible to throw a simple up in it's place to check? or push you app up to a different hosting account? you local dev will never be the same as a server. – Bobby Borszich Jul 14 '11 at 15:33
  • I'll try to get more information from the client regarding the web host and if I can have access to the admin panel. – A9S6 Jul 14 '11 at 15:36
0

Have you tried specifying the machineKey in your web.config?

<machineKey 
validationKey="random_validation_key" 
decryptionKey="random_decryption_key" 
validation="SHA1" decryption="AES" />

You can generate these keys here: http://aspnetresources.com/tools/machineKey

Also, if you change more than 15 files inside the application (aspx files etc), it will automatically trigger a recompilation of the code and you might lose the session as a result, more info here: http://msdn.microsoft.com/en-us/library/s10awwz0(v=vs.85).aspx

Terry Kernan
  • 746
  • 5
  • 12
0

You missed changing the session expiry value in you IIS pool properties.

Karthik Malla
  • 5,570
  • 12
  • 46
  • 89
-2

Session is simply a cookie, and each cookie has a time. Maybe you haven't specified the time correctly. Check your web.config file.

Saeed Neamati
  • 35,341
  • 41
  • 136
  • 188
  • Added the session settings to the original post. – A9S6 Jul 14 '11 at 15:10
  • Session is not simply a cookie. In the context of a web browser, sure it is just a cookie, but the timeout period of the cookie absolutely does not 100% reflect the timeout period for the associated session within the session management service. Some session cookies may expire at the end of a browsing session, or never, while the session itself could be terminated after 15 minutes of inactivity, for example. – h0r53 Jan 17 '17 at 18:15