I want to implement the session timeout feature in my SharePoint application. I tried to set this up in the following way:
Central Administration --> Application Management--> Configure Session State.
I have set a time frame here but it is not working. Can anyone suggest any other way I can have the same feature?
Thanks in advance,
Satheesh
It is just a .NET web app. You could always set it in the web.config. Or if you are feeling crazy, there is always the machine.config.
Related
I have a strange situation in the live environment and it is imposible to figure out what is the issue.
The users complain about the fact they are logged out after a random time.
On the client side it is an ASP MVC application that runs in IIS. Regarding the server side, it is and .net WebApi application that also runs in IIS. This is the session settings from web.config file of the client app:
<sessionState cookieless="false" mode="InProc" timeout="120" />
Even if I have set 120 minutes in config or in IIS advanced settings, they got the logout.
I have a recycle process set at 01:00 in the middle of the night. I have checked the logs files from EvenViewer and there are no other recycle processes trigered, only that one from the middle of the night.
The idea is that I can't reproduce it on my local machine. It happens at any time during the 120 minutes that are configured.
Few weeks ago, I have implemented a mechanism for 2FA using the following library: https://github.com/RobThree/TwoFactorAuth.Net and a functionality "Trust this browser for the next 30 days" in order to skip the MFA authentication if the user want this. Actually, I just keep and expiration date in a cookie in order to know when should I reset the option and ask again the user for a new authentication code. Don't know if it is related to this, but they told me that they encountered this situation after I released that 2FA implementation.
UPDATE After I read more articles in order so solve this issue, I want to add that the aplication is hosted in AZURE. Maybe this information helps.
UPDATE Advanced settings from IIS
UPDATE This are session state settings
Any suggestions would help. Thanks in advance.
I am using Alamofire for service call. Everything is working fine from my side. But on server side, backend people are saying that I am creating multiple session. I don't understand why it is happening.
Can anyone please help me out?
Thanks in advance.
There could be a variety of causes for this issue. Perhaps you're logging in a user for every network call instead of reusing a token, or perhaps you need to attach a cookie to the requests. You need to work with your backend team to see what is required to use a single session.
Someone changed my admin password that I use to login to my website. I changed it back, and I can now log in to the MVC site on localhost. However, it won't log in on the server when I publish the site out. This happened yesterday, too, but eventually the production server started letting me log in again. They both use the same database. There seems to simply be a a time delay or some sort of caching going on here. Does ASP MVC do something like this? Does anyone know how to refresh it so that I can log in to both sites again?
Thank you.
Entity does have cache of it's own. But I think your problem depends on whether you enable it.
So I suggest you learn more about the cache and check if you enabled it or not~
You can find more about Entity's cache here
The answer to this question, as stated by Mike McCaughan, was this:
The server will cache connections in a connection pool. To refresh,
restart your application pool in IIS.
Does anybody have any quick and clever ways to flip an MVC app running on Windows Azure into a "maintenace mode"
I don't have a huge need for this because I use the azure staging environment a lot but occasionally I do have the need to make sure there are no users in the production instance of the application (mainly database updates).
I'd like to be able to do this on the fly without uploading new code or swapping deployment slots. Any suggestions?
The friendliest way to do it is on login. When a user authenticates, check a maintenance mode flag in the database and don't let them log in. Let active users continue to use the application until they log out or their session times out. Keep an activity log so you can know when all users have expired.
Of course this means it will take time from when you put the app into maintenance mode and when it is effectively ready, but it's not nice to boot out an active user.
If the usage pattern of your app makes it so this methodology will not ensure no activity in a reasonable time, you can add a timeout on top of this. Check the same maintenance flag for a request every so often. Doesn't have to be every request but every five minutes or so. If necessary you can also cache the maintenance mode value locally for a reasonable period of time (a few minutes).
I would use routing for this. Have the flag be inspected during routing configuration. If it is on, route to "Maintenance" screens
I would suggest adding a Global Action Filter that respects you maintenance mode Flag.
If my app has to work in a cluster, will using flash[] cause issues?
From what I understand, it uses sessions?
I have set my sessions to be 'cookie_store', so does that solve the potential issue?
Yes. Using the cookie store offloads all the session data to the client to be passed along in the request.