ASP MVC - Random session timeouts

Question

I have this:

<membership defaultProvider="DefaultMembershipProvider" userIsOnlineTimeWindow="15">

and this:

<sessionState mode="InProc" customProvider="DefaultSessionProvider" cookieless="UseCookies" regenerateExpiredSessionId="true" timeout="15">

And my session is timing out at random times, I can be viewing page after page and then get logged out, what could cause that?

Answer 1

You should make a distinction between ASP.NET Session:

<sessionState mode="InProc" customProvider="DefaultSessionProvider" cookieless="UseCookies" regenerateExpiredSessionId="true" timeout="15">

and forms authentication:

<authentication mode="Forms">
    <forms loginUrl="~/account/login" timeout="2800" />
</authentication>

The ASP.NET Session is by default stored in the memory of the web server. The problem with this is that your application could be recycled or brought down by the web server at any time and the session will be lost. This could happen for example if your server hits some CPU or memory thresholds and is pretty much out of your control. If tyou want to store something into the ASP.NET session in a reliable way you should ensure that you are using an out-of-process state (such as StateServer or SqlServer). Here's an article about the various session state modes.

Forms authentication on the other hand is used to track your authenticated users with cookies. They are not persisted on the server and not suffering from the same limitations as the ASP.NET Session. If you ever decide to use the ASP.NET Session in your application you should make sure that its timeout is the same as the timeout for the forms authentication cookie and that you are using an out of proc persistence state.