CODEWITHSUNDEEP
c#asp.netvb.netiis
S Nash
S Nash

Reputation: 2499

unexplained Session time out in ASP.NET

I have Webform ASP.NET 4.5 application.

In the login page Session variable is set as :(simplified related code)

 Session["UserName"] = txtUserName.Text; (txtUserName.Text cannot be empty)

and then 

Response.Redirect("Survey.aspx");

In survey page I have

if (Session == null || Session["UserName"] == null)
    {
        string errorText = "Session was timed out due to inactivity, to  continue, please close All of your Browser windows and log in again";

In web.config file I have:

<system.web>    
    <sessionState mode="InProc" timeout="1200" />   
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <customErrors mode="Off"> </customErrors>
</system.web>

Also on IIS itself I have

timeout :02:00:00

enter image description here

Still users report Session time out intermittently, after 15-20 minutes.

What this cause this?

=============================

Update: After setting it up to stateserver I get:

Unable to make the session state request to the session state server. Please ensure that the ASP.NET State service is started and that the client and server ports are the same.  If the server is on a remote machine, please ensure that it accepts remote requests by checking the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state\Parameters\AllowRemoteConnection.  If the server is on the local machine, and if the before mentioned registry value does not exist or is set to 0, then the state server connection string must use either 'localhost' or '127.0.0.1' as the server name.

Upvotes: 1

Views: 1586

Answers (2)

to StackOverflow
to StackOverflow

Reputation: 124696

As noted in comments, your application pool is probably configured to recycle periodically, which will cause InProc sessions to be lost.

You also asked in comments:

What do you recommend change the app pool or <sessionState mode="StateServer "> ?

In general, I would do neither! Instead, I would design the application so that it is resilient to Session data being lost.

In your example, you're storing a username in Session. Instead, I would use Forms Authentication, in which case the username will be available to you from HttpContext.Current.User.Identity.Name: no need to store it in Session.

In general, I would only store stuff in Session that can easily be regenerated, e.g. by reading from a database. To retrieve stuff from Session, check for null and regenerate if necessary, something like:

var mySessionValue = (MyType) Session["MyKey"];
if (mySessionValue == null)
{
    mySessionValue = ... regenerate value, e.g. by reading from database
    Session["MyKey"] = mySessionValue;
}
...

Upvotes: 2

theduck
theduck

Reputation: 2617

You may be losing the session state because the app pool is being recycled. There are all sorts of reasons why the app pool might get recycled including time-outs, exceptions etc.

If you change your session state from InProc to StateServer then your session information should survive the app pool being recycled.

There are some downsides to using StateServer - the primary one is that objects added to the session have to be serializable. This is not normally a big issue.

To make StateServer work you need to make sure the ASP.NET State Server is installed and the service is running.

Upvotes: 1

Related Questions