Reputation: 3298
how to troubleshoot random logouts in asp.net application using forms authentication
I have a reasonably large scale web application talking to multiple applications running on the intranet. The default session timeout is 20 min. This application has certain editable widgets. Certain users of this application have experienced random logouts while they were editing data on the widgets after only logging in few min. I have not seen such logout on my machine. How shall one can go for troubleshooting such logouts?
Application logs quite often has following kind of entries
Event code: 4005 Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired. Event time: 19/09/2013 16:19:00 Event time (UTC): 19/09/2013 15:19:00 Event ID: bfedac01cc514bedb236347b8585a4e3 Event sequence: 31083 Event occurrence: 820 Event detail code: 50202
Application information: Application domain: /xx/xxxxxxx Trust level: Full Application Virtual Path: / Application Path: C:\xxx\xxx\ Machine name: xxxxx
Process information: Process ID: 56940 Process name: w3wp.exe Account name: NT AUTHORITY\NETWORK SERVICE
Request information:
Request URL: http://www.xxxx Request path: /xxxxx.aspx
User host address: xxx.xxx.xxx.205
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE
Name to authenticate:
Upvotes: 0
Views: 1559
Answers (1)
Reputation: 48270
The only reliable way to troubleshoot such unexpected logouts is to ask users to log their sessions using a client-side http debugger, like Fiddler.
Running your application with fiddler open in the background at the client-side will log all requests and responses. Then, when an unexpected failure occurs, the user selects the complete trace (all requests), exports everything to a file and sends to you.
Then you, as a developer, open up Fiddler, import user trace and analyze it around the failed request.
What you search for is the behavior of responses with respect to cookies. Normally, the forms authentication cookie is sent to the server with the request so that user is authenticated. On the other hand, failed request should probably have no such cookie which would suggest that is has been somehow removed.
And this is where it becomes interesting. The only way to remove the cookie is to either remove it manually or to receive a prior response from the server that deletes the cookie. From your, developer, perspective, deleting the cookie is triggered when you call FormsAuthentication.SignOut.
When analyzing the trace you just try to find the culprit request - a request prior to the request that failed - the one that caused the cookie to be deleted at the client-side.
What is so specific in such culprit request - it depends on your server side code and there are dozens of possible causes, starting from configuration issues to buggy code.
However, this is definitely a way to start your investigation.
Upvotes: 3
Related Questions
- Users being forced to re-login randomly, before session and auth ticket timeout values are reached
- Asp.net session timeouts
- Forms authentication keeps logging out after inactivity
- Random logouts with MVC4 asp.net
- Why is ASP.net forms authentication logging me off (when not connecting directly on my box)?
- ASP.NET 3.5 MVC1 - Users randomly unauthenticated/required to log back in
- Login action fails intermittently
- Asp.net membership never logout
- Help! Why do my IE users get randomly logged off?
- how to know logout account issue? asp.net