I have Webform ASP.NET 4.5 application.
In the login page Session variable is set as :(simplified related code)
Session["UserName"] = txtUserName.Text; (txtUserName.Text cannot be empty)
and then
Response.Redirect("Survey.aspx");
In survey page I have
if (Session == null || Session["UserName"] == null)
{
string errorText = "Session was timed out due to inactivity, to continue, please close All of your Browser windows and log in again";
In web.config file I have:
<system.web>
<sessionState mode="InProc" timeout="1200" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<customErrors mode="Off"> </customErrors>
</system.web>
Also on IIS itself I have
timeout :02:00:00
Still users report Session time out intermittently, after 15-20 minutes.
What this cause this?
=============================
Update: After setting it up to stateserver I get:
Unable to make the session state request to the session state server. Please ensure that the ASP.NET State service is started and that the client and server ports are the same. If the server is on a remote machine, please ensure that it accepts remote requests by checking the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state\Parameters\AllowRemoteConnection. If the server is on the local machine, and if the before mentioned registry value does not exist or is set to 0, then the state server connection string must use either 'localhost' or '127.0.0.1' as the server name.
As noted in comments, your application pool is probably configured to recycle periodically, which will cause InProc sessions to be lost.
You also asked in comments:
What do you recommend change the app pool or <sessionState mode="StateServer "> ?
In general, I would do neither! Instead, I would design the application so that it is resilient to Session data being lost.
In your example, you're storing a username in Session. Instead, I would use Forms Authentication, in which case the username will be available to you from HttpContext.Current.User.Identity.Name: no need to store it in Session.
In general, I would only store stuff in Session that can easily be regenerated, e.g. by reading from a database. To retrieve stuff from Session, check for null and regenerate if necessary, something like:
var mySessionValue = (MyType) Session["MyKey"];
if (mySessionValue == null)
{
mySessionValue = ... regenerate value, e.g. by reading from database
Session["MyKey"] = mySessionValue;
}
...
You may be losing the session state because the app pool is being recycled. There are all sorts of reasons why the app pool might get recycled including time-outs, exceptions etc.
If you change your session state from InProc to StateServer then your session information should survive the app pool being recycled.
There are some downsides to using StateServer - the primary one is that objects added to the session have to be serializable. This is not normally a big issue.
To make StateServer work you need to make sure the ASP.NET State Server is installed and the service is running.
Related
I have a ASP.Net web application in witch i want to put a timeOut (for user that dosen't do anything for too much time). My test use a 3 secondes timeOut. In the web.config :
<sessionState mode="StateServer" stateNetworkTimeout="3"></sessionState>
I get the following error as soon as i run my app:
Cannot request session state in session state server.
I can't find anything relevante for this case...
i tried to put InProc in Mode="" but it dosen't timeout anything.
Looking at this, you're trying to use a State Server and set the idle time between the web server and the state server. To properly configure the web server to use a state server, you must also configure the state server. Go to your state server and run:
systemroot\Microsoft.NET\Framework\versionNumber\aspnet_state.exe
This will install the asp.net state service. Then in the sessionState element in your web config you will need to set the stateConnectionString attibute as well.
<configuration>
<system.web>
<sessionState mode="StateServer"
stateConnectionString="tcpip=SampleStateServer:42424"
cookieless="false"
timeout="20"
stateNetworkTimeout="3"/>
</system.web>
</configuration>
You now have two "timeouts" here. The "timeout" attribute is how long the user can keep a connection to the webserver. The stateNetworkTimeout is how long the webserver to stateserver connection can be idle. The default is 10 seconds.
Hope this helps.
ref: https://msdn.microsoft.com/en-us/library/ms178586(v=vs.100).aspx
/ip
<sessionState mode="InProc" timeout="1" cookieless="false" ></sessionState>
I mistaken secondes for minutes, the Timeout value is about minutes. So i waited 1 minute for my test...
Thanks to #Devian and #Agolo.
So I was given the task to set the session time out to 24hr, doing some reading on the web i found out that i also need to set the forms authentication to that time frame so the user is not logged out. My question is , are there any drawbacks on the server side? Will it work harder/slower thanks to the fact that it has to keep all those sessions in check ?
Will it work harder/slower thanks to the fact that it has to keep all
those sessions in check ?
There is no performance improvement or slow down for Server except that user doesn't need to re-login and server doesn't need to authenticate the user again.
Once user is logged-in, server checks authentication cookie whether is still valid on every post back (doesn't matter how long or how short you set the timeout).
Normally, you want to set form authentication time out to be larger than session time out.
For example,
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<sessionState timeout="1440"/>
Its actually a bit more complex than that. I can't remember which is which but they have different expiries. Session timeout resets with every request whereas the forms auth ticket only resets after at least half the time out has expired. So this needs to be double the size of the session timeout.
I am doing session sharing between two website on same server using sqlserver session mode but it is worked on virtual directory not worked on server while uploaded the site on the server.
Both website using same database and same server.Can anybody tell me that what is i missed.
You might need to add the connection settings for session state to your live machines web.config.
<configuration>
<system.web>
<sessionState mode="SQLServer"
sqlConnectionString="Integrated Security=SSPI;data
source=SampleSqlServer;" />
</system.web>
</configuration>
You need custom session state implementation that will allow to share session between 2 different sites.
Default SQL session state indexes record with {session key (i.e. from cookies) + application ID} - as result even the same session ID on the same server will get separate information for different sites. There is no supported way to configure it to ignore application ID part.
I am using a global filter in order to determine if a user is allowed to access a certain page/controller. I haven't been able to get a lot of tread of this as I'm not able to do a simple session variable creation. Here is my simplified code:
public class MyActionFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuted(ActionExecutedContext context)
{
context.HttpContext.Session.Add("asdfasdf", 1234);
//Check if user is authorized in db
//...
base.OnActionExecuted(context);
}
}
Error:
System.Web.HttpException: Failed to login to session state SQL server for user '<USERNAME>'.
If I comment out Session.Add the application works fine. It's strange because the error given is completely unrelated (I think). How do I get my session variable to work in this case? Better question, is this the correct way to go about user authentication?
It seems that your application is configured to use SQL Server session state persistence. And you have a problem with the connection string in your web.config.
If you want to use SQL Server session state persistence make sure that you have correctly configured your database and specified correct connection string to it:
<configuration>
<system.web>
<sessionState mode="SQLServer"
sqlConnectionString="Integrated Security=SSPI;data
source=SampleSqlServer;" />
</system.web>
</configuration>
If you don't want to use SQL Server to persist your sessions you could switch back to InProc mode:
<system.web>
<sessionState mode="InProc" />
</system.web>
</configuration>
I have an intranet page which needs to not time out (indefinitely) and I'm using JS to keep it alive that way.
But I am having one issue that happens when the user loses the connection (happens frequently due to to going in and out of wifi range) the session times out then.
How can I keep the session up/refresh it if that happens?
How about increase the session time out on web.config ?
<configuration>
<system.web>
<sessionState timeout="120"></sessionState>
</system.web>
</configuration>
http://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate.timeout.aspx
Other possible way is to make your database, connected with the user cookie, and use your "custom session" data that are totally connected with your users.
Try using in web config if you are using Form Authentication
<system.web>
<authentication mode="Forms">
<forms timeout="120"/>
</authentication>
<sessionState timeout="120" />
</system.web>
first Sets the session timeout on the server is for all session
Rather than a single Session
out wifi range is the entire network are broken
so not keep alive
You have to use cookie
use cookie keep alive