My IIS session occasionally loses all data stored in it, it usually takes about 3-5 minutes, but definately less then the session timeout set in the web.config. The problem is not reproducible reliably, when it happens, accoring to the logs the AppPool is not recycled and the Session ID remains the same, it just loses all data. Any suggestions on how to debug this?
So far I tried to overwrite the session provider and stored the session data into a static variable, we checked all relevant timeouts and we stored a dummy value in the session, that is lost as well
A number of things can cause session state to mysteriously disappear.
Your sessionState timeout has expired
You update your web.config or other file type that causes your AppDomain to recycle
Your AppPool in IIS recycles
You update your site with a lot of files, and ASP.NET proactively destroys your AppDomain to recompile and preserve memory.
If you are using IIS 7 or 7.5, here are a few things to look for:
By default, IIS sets AppPools to turn themselves off after a period of inactivity.
By default, IIS sets AppPools to recycle every 1740 minutes (obviously depending on your root configuration, but that's the default)
In IIS, check out the "Advanced Settings" of your AppPool. In there is a property called "Idle Time-out". Set that to zero or to a higher number than the default (20).
In IIS, check the "Recycling" settings of your AppPool. Here you can enable or disable your AppPool from recycling. The 2nd page of the wizard is a way to log to the Event Log each type of AppPool shut down.
If you are using IIS 6, the same settings apply (for the most part but with different ways of getting to them), however getting them to log the recycles is more of a pain. Here is a link to a way to get IIS 6 to log AppPool recycle events:
Related
I have a website that requires a lot of data entry. It hasn't been an issue until recently. Now the user is getting a 403 error, which I assume is caused by the session timeout. The problem I am having is that now, every page gives you a 403 error, even the logout. So, until I clear all the site cookies, the user is unable to do anything. I have to believe there is a better way to resolve this without having to resort to clearing cookies. Thanks.
Wade
There are so many reasons behind the session timeout:
1)Application Pool is recycled
2)IIS/worker process is restarted
3)Application Domain is restarted.
4)Some times system admins(IIS server admins) restricted the applications due to heavy burden of database log files please check the database log files
First, check the iis log for the sub status code.try to set the session time and application pool recycle time the same value. iis ideal time out default value is 20 minutes.
you could also set the iis HTTP keep-alive setting by following below steps:
https://learn.microsoft.com/en-us/iis/configuration/system.webserver/httpprotocol/
you can use the Auto-Start behavior to keep the app "Always Running".
https://weblogs.asp.net/scottgu/auto-start-asp-net-applications-vs-2010-and-net-4-0-series
I'm running an asp.net mvc5 application on a shared hosting environment (a2 Hosting). I ran into a problem where users get randomly un-authenticated when browsing pages WAY before session timout or expiration should be reached.
I tried playing with applicaiton pool configurations to fixed the problem and finally find out that this was related to numbers of worker processes. When the maximum number of worker processes is set to 1, no more disconnection problems.
My appliciation use real basic from authentication. The only customizing I did was usins a custom Principal object to store extra data in authentication cookie. I DON'T use Session in the application so this can't be the problem.
Set it back to 1. Why you shouldn't use web gardens: https://www.youtube.com/watch?v=9bOTesCnszo
For enabling multiple IIS worker processes.
Go to Services & find Asp.Net State Service Set it to Startup
Automatic
Open IIS Manager Goto Web Application, right click and select Explore, this will take you to the folder, find web.config file & edit this file in notepad and Change Session State to State server and Save the web.config file.
Now edit the app pool by right clicking on it & select Advanced settings and find Maximum Worker processes & change the value & change load user profile to true. Click on OK. Open command prompt as Admin and run an "IISRESET" after complete, TEST.
This helps to boost overall application performance.
I am developing an MVC project with the web API. When the user logs in, I am sending a token to the web service. I keep this token in the Session object on the MVC side. If this session is null, I want to log in again from the user. But sometimes this session object is deleted by itself. What could be the reason for this?
Session has a timeout period of 20 minutes. It could mean that your user did not post anything back to the server within these 20 minutes.
Another problem that might cause a session timeout is if you change something in web.config or some other file through Visual Studio for example. This will trigger the compilation process in the background and will reset your session.
The default session, out of the box one, is InProc session. This means that your session is running in the same process as your web application.
If you want to preserve the session while still being able to update the web application, you need to use either Out of process or SQL Server as a session store. (Note that these session states are not really meant for the scenario where you will be updating things locally, but rather when in production and/or if you have a web farm, but nothing prevents you from using them locally.)
StateServer (out of process)
This session mode will use a service call ASP.NET State Service. This service is set to manual. You will first need to open services (click on Start -> Run -> services.msc). Find the above mentioned service, double click and change the startup to Automatic, then Start.
In your web.config you will need to update or add (if it does not exist) the following key under <system.web>:
<sessionState mode="StateServer"
stateConnectionString="tcpip=YourComputerNameGoesHere:42424"
cookieless="false"
timeout="20"/>
Update the timeout value to whatever it suits you.
SQLServer state
SQL Server state allows you to store your sessions in a designated database on your server. One thing you must remember is that this is the slowest option of all as it has to travel from server to server (in your case it might be the same server, but keep this in mind if you separate web application and sql server)
To configure SQLServer state you must perform a couple of extra steps. First, add the configuration to the web.config:
<sessionState mode="SQLServer"
sqlConnectionString="Integrated Security=SSPI;data source=MySqlServerForSessions;" />
(I cannot recall now whether you can change the name of the database, but for now work with the default values.)
The next step is to run aspnet_regsql command from your command prompt. This command should be in your C:\Windows\Microsoft.NET\Framework\vX.Y.ZZZZ (where X.Y.ZZZZ is the version of .NET Framework. Try with the highest one that you have):
aspnet_regsql.exe -S MySqlServerForSessions -E -ssadd -sstype p
This will create a new database where the sessions will be stored. If you have SQLExpress you might run into an issue when running this command. For that you need to run:
EXECUTE sp_configure 'show advanced options', 1
RECONFIGURE WITH OVERRIDE
GO
EXECUTE sp_configure 'Agent XPs', 1
RECONFIGURE WITH OVERRIDE
GO
EXECUTE sp_configure 'show advanced options', 0
RECONFIGURE WITH OVERRIDE
GO
This should help you work with the sessions. One thing to remember is that in global.asax you cannot use Session_End event when you use StateServer or SQLServer. This event triggers only for InProc session state.
For more information have a look at these two links:
ASP.NET Session State Overview
Session-State Modes
Handling Session and Authentication Timeouts in ASP.NET MVC
I'm writing an ASP.NET Web API application hosted on IIS7 (no special configuration).
My problem is that for each first request (on a new machine/new browser/after a while...) there is a long delay - even on requests that return constants!
I've read about "warming up" scripts but it's not the issue here. It seems like the web server is trying to create a session and it takes very long time. Any suggestions?
EDIT
I think the delay is caused by worker-process creation for each new session. Now the question is why is it so slow, and why doesn't the web server reuse living worker-processes to serve requests?
I have configured the application pool to limit worker processes to 5 with no timeout (set to 0). This caused the first five sessions to be slow on first requests (which I can live with) and now the worker processes are alive. But surprisingly, from time to time, the request is slow again!
If you are using Windows Server 2008 R2 you could configure the Auto-Start feature on the Application Pool. Also in the properties of the application pool you should disable it from being recycled at regular intervals. Bear in mind though that while this will limit the slowness, the application pool could still be recycled by IIS. With the Auto-Start feature it will be loaded again automatically in memory, but the code in your Application_Start will be executed on the next request. So you could still observe some slowness.
Another cause can be https. Our site can run with and without https. The delay at the first page (5 to 15 seconds) occurs only with using https. This post explains the issue with https and the fix:
https issue by the MCS team
I am currently using Session["Name"]="a name" in my controller which work. But when I try refresh the page the session gets empty. Anyone know why?
My config file got:
sessionState mode="InProc" customProvider="DefaultSessionProvider">
with provider to connectionstring
First try adding the following attribute to your sessionState element (in web.config):
timeout="10080"
(that's 1 week, in minutes).
Your session should then survive for at least several minutes. Since you're storing it In Proccess (mode="InProc"), when your IIS App Pool's worker process recycles all the session data stored in that process will be lost.
If you need to store session data for longer periods of time than your worker process will be alive (or if you want to use multiple worker processes or even multiple web servers), you'll need to store your session out-of-process (e.g. in SQL, on a network share, or in AppFabric).