This article shows how to implement sesstionState inside web.config file. But what I want to do is to clear the session when user is idle for 15 minutes or higher. And reset the time when the user is active within the scope of time. Is this possible? If not how could I do this without using any javascript code/jQuery?
BTW, I have my BaseController where all Controllers inherits to it. Hope someone could give me the better idea.
Use the timeout property in the <sessionState> configuration section.
<sessionState
...
timeout="number of minutes"
...
</sessionState>
Documentation:
http://msdn.microsoft.com/en-us/library/h6bb9cz9%28v=vs.100%29.aspx
Related
We have an ASP Web-Forms site that we update frequently.
However, any time we modify any classes stored in the App_Code folder, this causes an App Pool Recycle and loses all of our session state, causing our users to be logged out.
This means that any time we need to make changes in app code it needs to be around 2:00 in the morning to minimize user impact.
Now, since I value my sleep I was wondering if there is any workaround for this behaviour?
I've tried switching the application to use StateServer mode for Session State.
This seems to work as long as the class being changed is not currently in use.
However if the class is in use it results in every-bodies session being lost.
What is best practice in this case for a heavily used website?
Am I condemned to late nights every time we need to fix a bug in our classes?
Thanks in advance for any response...
You will need sessionState setting cookieless="false" in addition to mode="StateServer".
In addition you need a fixed machine key, so a recycle won't generate a new machine key but uses the same key. If a new key is generated all previous sessionIds can't be decrypted, so the link to the sessionState is lost.
Check https://technet.microsoft.com/en-us/library/cc755177(WS.10).aspx for how to configure/generate a machine key.
This is an example from msdn, so don't use this in production, but generate your own key:
<machineKey
validationKey="32E35872597989D14CC1D5D9F5B1E94238D0EE32CF10AA2D2059533DF6035F4F"
decryptionKey="B179091DBB2389B996A526DE8BCD7ACFDBCAB04EF1D085481C61496F693DF5F4"
/>
In the end you need something like this in your Web.config or your Machine.config if you want to set the same key on machine level.
Can anyone tell me why the session clears itself automatically after a certain amount of time in my application?
I use the following line to create a session variable to pass data between classes:
string data = TextBox.Text
Session["Data"] = data;
After around 10 - 15 minutes i refresh the page to find that the session cache has been cleared and my application collapses on itself.
Is there a way to extend the session time in web.config?
Im not fully aware of how powerful Session's can be so any help would be great guys thanks
Look in your web.config file and see the sessionState section:
<configuration>
<system.web>
<sessionState timeout="30"></sessionState>
</system.web>
</configuration>
I have changed it to 30 to extend the Sessions life for an additional 15minutes. You can change this to suit your requirements.
I am creating a mvc4 application and here I am creating a cookie to give a user access to various pages depending on their roles and things. but I have different doubt. Instead of logging off people generally tend to close the browser window. So, I made the cookie not store any of the data from the login when that happens (or I think thats what happens, according to the blogs and answers Ive read so far!)
I only want 10 users to access that site at one time. So when the user closes the browser or when the session ends I want it to execute the LogOff function that keeps track of the number of people logged in and opens up that port session for use by someone else.
I tried adding session_end in the global.asax page and it just never seems to get there. and for testing purposes I had it expiring in a minutes time. But it does however go to the Session_start in the same global.asax page.
Any idea as to how I can get this to work?
This is what I had to do (hoping its not silly!):
In the web.config, needed to add the timeout here to trigger session_end
<system.web>
<sessionState mode ="InProc" timeout="10"/>
</system.web>
Although, in the same web.config there is a timeout here, i dont know where it goes.
<authentication mode="Forms">
<forms loginUrl="/SiteUsers/Logon" timeout="10" />
</authentication>
If you guys have other ways to get around this, please do tell me, im all ears! Im still in the trying and testing everything phase so any help will be much appreciated :)
Thanks guys! hope this helps solve someones problem.
I have an aspx page with a few textboxes and a submit button.
Once the submit button is clicked an xml file is created from the table/textboxes on the screen.
That works fine if doing it right away but if you click the button after 20 mins or so the page errors out.
I have:
<location path="Default.aspx">
<system.web>
<httpRuntime executionTimeout="1000000000"/>
</system.web>
</location>
in web.config and <asp:ScriptManager ID="ScriptManager1" runat="server" AsyncPostBackTimeout="1000000000" /> on the aspx page but it still times out after around 20 mins or so.
What am I missing?
Default session time is 20mins Msdn
Here is one of the way
1.http://weblogs.asp.net/stevewellens/archive/2009/06/09/ah-ah-ah-ah-staying-alive-staying-alive.aspx
Check this Solution
2.how to avoid session timeout in web.config
3.https://stackoverflow.com/a/412502/1053241
In your web.config you more than likely have
<sessionState timeout="20"></sessionState>
You shouldn't really extend your session timeout beyond this though
How to set session timeout more than 20 min.?
This post explains all the relevant places to check your session timeout
Also when you come to deploy your application remember to check the IIS timeout configuration
Maybe the Session is over, Try to set the SessionTimeOut, or write a JavaScript function to send an AJAX request time by time to keep the Session alive.
But I really don't think you're on the right way with that, if the Session is over you should redirect to the login page.
Here is a good example to keep a session alive: http://www.dotnetcurry.com/ShowArticle.aspx?ID=453
Also rather than extending your session you could just warn the users that they are about to be timed out of the system and ask them if you wish to continue using the site
http://programmerramblings.blogspot.co.uk/2011/07/aspnet-session-timeout-control-with.html
This control lets you do that
I am setting this at individual page and button click event. Seems to do the trick if you do not want a application wide timeout change in config.
HttpContext.Current.Server.ScriptTimeout = 90000;
I set sessiontimeout in web.config file like following.
<sessionState timeout="120"
cookieless="false"
mode="InProc"
/>
Some times above code working fine.But many times session expired after 10 to 15 minutes automatically.
and this errors exists in every browser.
when i run same application using .net on my local computer it working fine.
Please note that, i haven't create global.ascx file yet.
Sessions will also be reset when the application recycles. This will happen when you change some things in the site, like change anything in the "bin" folder or modify the "web.config" file.
Also IIS may stop or recycle applications that it thinks are not used at the moment.
Are you sure you want to keep everything in memory for two hours, even after the user left? Better ways to keep the session alive would be to use some regular (every few minutes) AJAX callback. Search for "session keep alive asp.net ajax".
Have you verified the session timeout the app is ending up with? Do a response.write of Session.Timeout. This value can be set in several places.
How do you know the user is being active? The session will time out if he's only typing text, scrolling, and/or reading for lengths of time greater than the timeout value. The browser must invoke a HTTP request to the server to reset the timer.
As Hans mentioned, a background script-based "pinger" set to run at interval to access minimal web content will help.
Considering I'm about to start yet another web application, and I seem to need to add this functionality to most web apps, I was inspired to create a little package called Keep Me Alive to speed this process up in the future. You can find it here:
http://kma.codeplex.com/
Hope it helps!