asp.net Session timeout issue - c#

Got a problem with my ASP.NET MVC project timing out after only a couple of minutes. It's especially annoying because I've got quite a complex upload and import procedure which falls over when I get logged out. I currently use the ASP.NET membership provider for authentication.
I've tried a few things that I've seen on this site and others but to no avail. Here is what I have so far in the web config:
<location path="Admin/Upload">
  <system.web>
    <httpRuntime executionTimeout="1200"/>
  </system.web>
</location>
<system.web>
  <sessionState mode="InProc" timeout="20" cookieless="false" />
  <authentication mode="Forms">
    <forms loginUrl="~/Account/LogOn" timeout="20" />
  </authentication>
</system.web>
<connectionStrings>
  <add name="ConnectionString" providerName="System.Data.SqlClient" connectionString="Server=SERVERNAME;Database=DBNAME;User Id=USER;Password=PASSWORD;timeout=30;MultipleActiveResultSets=True" />
</connectionStrings>
I was sure it was only a minute before being timed out before I added the sessionstate timeout, then it was upped to 2 mins, but can't be 100%.
I thought about using this:
<lifetime leaseTime="15M"/>
...but not 100% sure how to implement it - anyone had any success with it, or know something else I could try?
Thanks
EDIT: I'm on a cloud hosting solution, but only have a control panel - no access to IIS
UPDATE: I've now tried adding lifetime leasetime and it's not made any difference:
<system.runtime.remoting>
<application>
<lifetime leaseTime="20M" />
</application>
</system.runtime.remoting>
</configuration>
UPDATE 2:
OK, I've edited the title and the web config values to reflect my latest effort, but I'm still struggling. I spoke to the hosting company, who set the connection timeout to 20 minutes. However, the session ends after 10 mins. Is there anything else I can try?
I'm getting there, but I would like 20 minutes!

The lifetime leasetime tag goes in the application tag.
<application>
  <lifetime leaseTime="15M"/>
</application>
I've never actually used it but if it is like other timeouts idk if you will need the M at the end. That is pure speculation though. You should also be able to set it to "0" so that its lifetime is "forever".
As for the session timeout, that looks like it should be set for 100 minutes. However, it should be inside of your <configuration> tags.
EDIT
Completely unrelated to the question, kind of. But I like how your runtime execution timeout is "over 9000".

Right, I got a solution to this, but it wasn't what I was expecting.
It turned out I was using the ASP.NET Membership Provider wrongly. I was using it like a previous membership system I worked on: logging in, then setting the UserId as a session variable and using that throughout the site. I then discovered that is the incorrect way to use it, and changed it to a combination of User.Identity.IsAuthenticated and Membership.GetUser().ProviderUserKey.
It no longer times out and all is well. Thanks anyway.

Related

Removing ASP.NET_SessionId from an ASP.NET application

I am changing session state in:
<sessionState cookieName="myCookieName" />
It changed correctly, but one issue I am facing is that the default "ASP.NET_SessionId" is also showing.
I don't understand what I am doing wrong. How can I fix this?
<system.web>
<sessionState cookieName="foo" />
</system.web>
I need only to show a cookie named foo. I don't want to show "ASP.NET_SessionId".
Maybe it's just a cache issue. Try to delete the cookie in the browser.
Then log in again, and see if it appears again...

Random Invalid Viewstate Error

I know there are a lot of questions on this topic and I have read them all.
I'm using IIS8, .Net 4.5.
Users randomly get an invalid viewstate error, I can't figure it out. Once this happens the only way they can get back into the site is to clear browser cache.
In my web.config I have:
<system.web>
<machineKey validationKey='....key here' decryptionKey='....decrypt key is valid here' validation='SHA1'/>
<!--<hostingEnvironment shadowCopyBinAssemblies="false" />-->
<authentication mode="None" />
<compilation targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
...
</system.web>
I'm running on a virtual private server, and I've yet to find a viewstate larger than 9kb.
My application pool is set to restart at 3:00am, once per day.
My page uses update panels, maybe the user is clicking 'back'? But I've seen it happen just visiting the page with no clicking back.
One thing I noticed is I have 3 different sites using the same application pool identity, but the application pools are separate. There are no machine keys in machine.xml, but only in my web.config.
A couple of possibilities to investigate:
Update panels are changing form field values (which are what is used to compute ViewState), then the page gets POSTed back to the server, where the new values make validation fail. See this post
You have caching enabled (perform a trace of HTTP headers - make sure you don't have dev tools open) which is causing invalid ViewState to be generated w/ UpdatePanel gumming things up.
Are you using Server.Execute anywhere? (see above link for same)
(less likely) Does your "Virtual Private Server" get migrated to different hardware (perhaps without you knowing it)?

ASP.NET Random string showing up in URL

I am developing a website using ASP.NET 4.5 (VS2012) and Telerik Ajax controls. I am using Telerik Scheduler, Grid, AjaxPanel etc.
The project compiles fine. When I run it from VS, it shows me a URL like this:
http://localhost:23482/default.aspx
and then suddenly some random string is inserted into the URL, and it looks a little weird, like below:
"http://localhost:23482/(S(hchi1ir5xii2dy1cjgpghqx3))/default.aspx"
"http://localhost:23482/(S(mgxsfl3rnxnbx2y24i12nowe))/default.aspx"
"http://localhost:23482/(S(sc2hyowh0f2xidnx1zptgaqd))/default.aspx"
I've also tried to run it from IIS as a website. No luck, same problem.
NOTE: The website still works fine even with random strings in the URL; nothing is broken at all.
Can anyone please suggest something?
Thanks
Seems like you are using cookieless sessions.
See this
SessionId by default is stored in cookies, but you can use cookieless sessions by writing these lines to web.config:
<system.web>
  <sessionState cookieless="true" />
</system.web>
You can remove those lines from web.config to remove (S(hchi1ir5xii2dy1cjgpghqx3)) from
"http://localhost:23482/(S(hchi1ir5xii2dy1cjgpghqx3))/default.aspx"
or write to web.config:
<system.web>
  <sessionState cookieless="false" />
</system.web>
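Added example, not part of the original answer: with cookieless sessions the session ID travels in the URL path, so it is written to access logs and travels with any copied link. The Python sketch below finds the `(S(...))` segment in log lines, reports IDs presented by more than one client, and redacts the ID before a log is stored or shared; the log lines are constructed, and the field order and 24-character ID pattern are assumptions taken from the URLs quoted in the question.

```python
import re
from collections import defaultdict

# Cookieless session segment as in the URLs quoted above: "/(S(<id>))".
# The 24-character letter/digit ID shape is inferred from those samples.
SESSION_SEGMENT = re.compile(r"/\(S\(([a-z0-9]{24})\)\)", re.IGNORECASE)

# Constructed log lines (assumed fields: date time c-ip method uri status).
SAMPLE_LOG = """\
2024-01-01 10:00:01 192.0.2.10 GET /(S(hchi1ir5xii2dy1cjgpghqx3))/default.aspx 200
2024-01-01 10:00:09 192.0.2.10 GET /(S(hchi1ir5xii2dy1cjgpghqx3))/grid.aspx 200
2024-01-01 10:03:44 198.51.100.7 GET /(S(hchi1ir5xii2dy1cjgpghqx3))/default.aspx 200
2024-01-01 10:05:12 203.0.113.5 GET /(S(mgxsfl3rnxnbx2y24i12nowe))/default.aspx 200
2024-01-01 10:06:30 203.0.113.5 GET /default.aspx 200
""".splitlines()


def clients_per_session(lines):
    """Map each URL-embedded session ID to the client IPs that sent it."""
    seen = defaultdict(set)
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 5:
            continue  # skip log header directives and malformed lines
        client_ip, uri = fields[2], fields[4]
        for sid in SESSION_SEGMENT.findall(uri):
            seen[sid.lower()].add(client_ip)
    return dict(seen)


def shared_sessions(lines):
    """Session IDs presented by more than one client address, which means
    the URL was copied, bookmarked elsewhere, or leaked."""
    return {sid: sorted(ips)
            for sid, ips in clients_per_session(lines).items()
            if len(ips) > 1}


def redact(line):
    """Remove the session ID so the line can be stored or passed on."""
    return SESSION_SEGMENT.sub("/(S(REDACTED))", line)


if __name__ == "__main__":
    for sid, ips in shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} used from {', '.join(ips)}")
    print(redact(SAMPLE_LOG[0]))
```

A session ID seen from several addresses is not proof of misuse (clients roam between networks), but it is the signal worth reviewing while cookieless mode is enabled.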

Can AppFabricCacheSessionStoreProvider and StateServer co-exist within a same application?

There are some systems within a .NET project I'm working on which use StateServer. We're now using AppFabric cache for caching some stuff which we get from the DB. Can these two coexist in the same config file?
The session state part of my config file looks like this:
<sessionState mode="StateServer" cookieless="true" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" regenerateExpiredSessionId="true" timeout="30" stateNetworkTimeout="30"/>
<sessionState mode="Custom" customProvider="AppFabricCacheSessionStoreProvider">
<providers>
<!-- specify the named cache for session data -->
<add name="AppFabricCacheSessionStoreProvider" type="Microsoft.ApplicationServer.Caching.DataCacheSessionStoreProvider" cacheName="default" />
</providers>
</sessionState>
Obviously, this throws an error that session state is already defined and that I can't redefine it.
Until we replace the StateServer systems with AppFabric caching systems, which will take some time for us (it's a very big project), we don't want to disturb the existing systems. Hence this question.
No, you can only have one unique active session state provider at the same time and it is also not possible to dynamically change at runtime.
In the past, I also investigated this article in order to create a session store wrapper. Finally, I gave up because of complexity and poor performance.

DotNetOpenAuth ASP.NET MVC 3 Session Issue

I am using the openid-selector with DotNetOpenAuth in my MVC 3 app. Whenever I set a session variable and the DotNetOpenAuth sections are in the web.config, my session variables don't stick after a redirect.
I checked the Session.SessionID variable and it is still the same, so I am in the same session (I believe), but when I check the session variables I just set after a redirect they are all set to null.
I haven't seen anyone else with this issue. I am wondering if DotNetOpenAuth just isn't ready for MVC 3 yet. I am using the latest version of DotNetOpenAuth as well.
Here are the relevant portions of the web.config if it helps:
<configSections>
<section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection" requirePermission="false" allowLocation="true"/>
</configSections>
<uri>
<idn enabled="All"/>
<iriParsing enabled="true"/>
</uri>
<system.net>
<defaultProxy enabled="true"/>
<settings>
<servicePointManager checkCertificateRevocationList="true"/>
</settings>
</system.net>
<dotNetOpenAuth>
<openid>
<relyingParty>
<security requireSsl="false"/>
<behaviors>
<add type="DotNetOpenAuth.OpenId.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth"/>
</behaviors>
</relyingParty>
</openid>
<messaging>
<untrustedWebRequest>
<whitelistHosts>
<add name="localhost"/>
</whitelistHosts>
</untrustedWebRequest>
</messaging>
<reporting enabled="true"/>
</dotNetOpenAuth>
Updated:
It is happening on my development server, either in IIS, or when I run the ASP.NET development server.
Also, I tried running session in process and out of process using the state server, and it didn't make a difference.
In regards to a new session, I checked the session_start event, and that isn't being called. I also checked the Session.IsNewSession, and that returned false as well. So something is randomly (or maybe not so randomly) deleting my session variables!
Not the best answer, but I figured out that it's the response.redirect that is killing the session variables for some reason.
So I just made it do a javascript redirect instead, the session stays, everything works fine. Still really don't know what the real issue is here, but hey, I don't have all day to figure it out.
Found the issue here (long ago now). Apparently MVC2 didn't care if I had a view for my actions where I just did some processing then a redirect.
However starting in MVC3, after my upgrade, if I didn't have a view for my action, the page registered an error, and once there was an error, the framework did not store the session variables I just set.
So simple fix... add the views and then also make sure there are no errors in the views.
This should work. I have used DotNetOpenAuth with ASP.NET MVC 3 without any issues. You might want to check that your session doesn't expire while the user is on the remote site for authentication. The fact that you are getting the same SessionId doesn't mean that the session hasn't expired. This could also happen if the server restarts the AppDomain.
DotNetOpenAuth certainly doesn't have Session.Abandon or Session.Clear anywhere in its codebase. It seems possible that if you're setting cookies after the redirect has been sent to the client that those cookies would be lost. Session variables aren't typically persisted as cookies individually though, so if your session cookie made it (and apparently it seems to have) then the rest of your state ought to be there.
It would be interesting to dig into this by implementing your own session store and monitoring what's really going on.
