I am completely lost trying to figure this out. It has been going on for months. Session values just get lost. I check for Session["uid"] on master page to force user to login page.
System : Windows Server 2008 R2 Enterprise
IIS 7.5
.Net Framework 4.5 specified in web config
Application pool .Net Framework V4.0
Application pool Timeout set to standard 1740
Not a Web Farm.
Session In web config:
<sessionState timeout="60" mode="StateServer"></sessionState>
I changed the mode to StateServer thinking it is App pool random recycling causing it loose session
I check this post:
Losing Session State
I tested it myself. On a page where is loads countries and then cities based on country selection (updatepanel)... randomly it would just route me to login page on country change. And this is no delay in between change. Change, change, change... and then session["uid"] lost.
I read up on how IIS manages sessions:
https://abhijitjana.net/2010/03/14/beginner%E2%80%99s-guide-how-iis-process-asp-net-request/
can't seem to find answer there.
then i started getting errors like application pool max reached.
Then i set worker processes to 25, and it says it now a Web Garden.
Then i thought let me read up on Web Garden. According to this post it is a bad thing and should not be used ?
https://serverfault.com/questions/81689/web-gardens-are-they-good-or-bad-or-what
I just did the worker process increase today so i can't say if that will help, but i also dont want to leave that in place if it going to cause me other headaches.
My web site is non MVC, but i added an API controller to it. Not sure if this would be the issue for the session lost or app pool maxing out.
API not my biggest concern as we plan to move it to it's own MVC project.
But for now , my concern is the random session being lost.
I'm not sure it being lost. My code simply check if (Session["uid"] == null) go to login page.
I come from PHP / Apache history and never had any issues with Sessions.
Basic structure the same between c# masterpages and PHP template
I don't have any issues on localhost or dev server enviroment.
It's just when on live server that has a couple of other sites on this happens.
I don't think the other site will influence my site? THis is what application pooling prevents?
Related
We have an asp.net Core application (that is running under .net Framework 4.8) which is deployed withing IIS on a Windows Server 2016 box. This application uses asp.net Core identity framework for roles based access.
Everything works great but when we update the "Site Bindings" (by way of an example config change) within IIS all the connected users get logged out upin the next page request, perhaps the cookie/sessions being reset?!
Whilst this might be the behaviour you expect this was not the behavious we had on a previous "identical" installation which was lost (all data was backed up etc etc but the server host died and we lost the exact settings).
I remember reading a while back (but can't find it now) that the session should actually persist as this allows for load-balancing (which we don't need).
Nothing has changed in the code base for this to now not work so this suggests it's an IIS setting.
Does anyone have a magic change we can make for the connections to persists and our users not to be sent back to the logon page on the asp.net core app?
Thanks.
Jim.
*** update ***
Changing the "Identity" property of the Appl pool entry to System Account seems to allow me to change bindings without the (app pool?) reset.
Somewhat annoyingly, this appears to be the only setting that doesnt reset the user sesions when changing the binding. The obv downside of using this are the security considerations which rule it out!
Anyone with a plan c?
I have a web app that executes in different servers with very different specifications, it depends on demand and on clients budget sometimes. Users are made aware of the downgraded experience of running the app on a server with very low RAM for example.
This year we updated our code from a ASP.Net 4.6 monolithic MVC5 code base to ASP.Net Core 3.1 Razor Pages using a Clean Architecture, and more recently to .Net 5. We have everything running smooth and as expected we experienced a huge performance boost.
The only problem we're facing is in scenarios with very low RAM shared hosting were the app has to be executed "out of process" and the app pool keeps restarting after very little time, active users get logged out on every app pool recycling. This didn't happened on the old version of the app, user would experience a delay on their request (sometime a rather long one but users working under this scenarios were aware of their server limitations), but after the app was up they could continue working without having to log in again. Now, after every app pool recycling all users sessions expire and they are asked to log in again, this is understandably unacceptable from their part. I didn't expect this to happen because we're using default identity, authentication and authorization which as far as I understand is cookie based.
One thing that I find odd is that on the site that keeps logging users out there are only two Cookies after users log in.
While on other sites where normal behavior is shown there are four cookies.
I am aware that this is not the best scenario to run a web server, but sometimes that's all there is.
Is there any way I can persist user sessions (maybe in SQL Server) so I can achieve something similar to what we had before? Or am I barking at the wrong tree here?
To describe the app, it has an default page where it will be checking user role from request header then assign the user id into session and redirect to corresponding pages. In every other pages, it will check whether the session has value or not, if no then will redirect the default page.
This has been tested in my dev environment and its working without any issue. However, when I hosted it in IIS (AWS EC2 environment). It started behaving very weird. If the application's bindings is stick to default. I can browse it in the server using http://localhost:26943/ with no issue.
default bindings
However, when i change the bindings to hostname and browse using http://testing.com/, I found that the session containing user ID is empty.
hostname bindings
I have tried several methods including :
Add Session["init"] = 0 in Global.asax
Change cookieless=true in web.config
Change sessionState's mode to "StateServer"
Redirect to "~/page.aspx" instead of "page.aspx"
Only change cookieless method worked for me but it will show session ID in the URL which I doubt is the correct method.
Details of app:
.NetFramework 4.8
Uses WCF service
Current session state info is sessionState mode="InProc" cookieless="false" timeout="60"
Configured c:\Windows\System32\Drivers\etc\hosts to add 127.0.0.1 testing.com
Tested using IE 11
Since AWS is on a server farm?
Then in-proc sessions are going to be VERY flakey and problematic. Those massive cloud systems will spool out your web server multiple times - a WILD guess as to where the next page will come from. If pages are served across different instances of the IIS server?
You going to lose session values. As noted, even some un-handled code errors will cause a app-pool re-set. All of these issues add up to easy and frequent loss of sessions.
I would suggest you adopt SQL server based session management. This should eliminate a zillion issues that can cause a session() re-set. I like in- proc. Memory based is fast, and since your not writing the next Facebook, then of course typical server loads are next to nothing (again, this favors use of in-proc sessions). However, since you a have server farm, and some application errors will become problematic? Adopt SQL server based sessions, and 99 if not 100% of your session() re-sets and loss will go away.
this suggestion is MUCH more warranted since you using AWS and you have little control over the VM's they run and their behind the scenes "fabric" controller could for fail safe and redundancy issues be running multiple copies of your server. So, adopt SQL based session management.
HttpContext.Current.Session["myvariable"]
I gather this might be a general asp.net question as well. I'm running hangfire and we have noticed that when we publish the app to the site that is acting as a container for hangfire, the deploy causes the app to stop running and the app never 'restarts'. I have logging in the global asax application_start and application_end, and our applicationpreload.cs. When we publish the site I see logs for the application_end event but nothing for the start event - this publish occurs while the site is running.
I have followed the steps on the hangfire site https://docs.hangfire.io/en/latest/deployment-to-production/making-aspnet-app-always-running.html and there are a few msdn articles I have followed on the newer IIS settings to keep the app pool always running and the site auto start enabled but my assumption is that these only help when there is either an iis site restart, or app pool recycle/stop/start, or a request comes into the site itself. My scenario is that we are using iis as the container, there are no requests hitting the site and we publish while the app is running...
I was also under the impression that changing files within the iis directory would cause the app pool to recycle but have now realize this is not the case (and that actually makes sense). We are using asp.net mvc 5, iis 10.
Any help here would be appreciated!!!!
PS I can see the down votes already on this - which is actually quite comical taking into consideration this question covers some fundamental asp.net knowledge... and yes I'm just being honest here in terms of not knowing the answer :)
thanks
after a lot of testing different variants of solutions I have resolved this.
I have .net core app deployed azure app service Linux container. The problem is session timeout. One of the user group want no session timeout. The application is shared among different user groups so I don't want to extend the session timeout to hours. Even though I extend, it depends on server pool recycle time. So I add some java script to keep the browser alive. But it doesn't help too. Kindly give any suggestion whether it is possible or jot.