MVC 4: How to maintain sessions and cookies to be still valid after IIS restart?

Question

It seems that my login session (using simple membership) and cookies (verification token) are not valid after IIS server restart. This is a problem for me, if a user in the middle of a transaction then the server restart, the user has to refill the form and do it again, also it can be some code issue when the transaction is interrupted in the middle of the process.

How to make them to be still valid after server restart?

Here is my web.config:

<membership />
...
<sessionState mode="InProc" cookieless="false" timeout="2880" />
...
<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication> 
...
<staticContent>
  <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00" />
  <remove fileExtension=".woff" />
  <remove fileExtension=".woff2" />
  <mimeMap fileExtension=".woff" mimeType="application/font-woff" />
  <mimeMap fileExtension=".woff2" mimeType="application/font-woff2" />
</staticContent>

---

Update

I tried to use SQLServer to store the session state. Then new problem arise, which I cannot use ViewBag because it is not Serializable.

Is there another way I can achieve this?

Answer 1

Maybe I'm late with this, but I'm doing the next to keep the session after a iisreset. I'm working with IIS 10, but maybe it could work in other versions:

1. On IIS Configuration Manager (InetMgr.exe) click on Session State

   

2. Select "State Server" and click on Apply

3. Start Windows Service "ASP.NET State Service" (you can change it to Automatic if you will use after restart the computer).

After that, you can reset iis and keep the session.

Answer 2

Simply you can not do it, using key value databases is the best choice for keeping the sessions in memory (like redis) and it is much more faster than relational databases like sql server.

Keeping the data in local storage or cookies might led to data lost or security issues.

Answer 3

localStorage (own browser's storage) can be used to store data locally without using cookies.

Here's W3Schools link: https://www.w3schools.com/html/html5_webstorage.asp

Answer 4

Keep sessions in a clustered database (master-master) so that is one fails other will take over.

Answer 5

If you get an error about viewbag when you try to persist your session means you are storing viewbag in session. Do you really need? I think you should avoid to store viewbag in session and use instead, if you really want to do, your own serializable custom class. May be a generic dictionary can already fit your needs as well... Then persist your session to the database or if you want re-inventing the wheel implement your custom Session-State Store Provider. In general using session to store information is never a good practice for many reasons, the main is your data are lost when the server restart. As far i can understand in your web app you are using session to store posted data, the correct way to do is relay to viewmodel class.

Answer 6

May you have to store the sessions in database, hope this tutorial help you https://msdn.microsoft.com/en-us/library/ms178586(v=vs.140).aspx

Answer 7

There is no way to achieve this AFAIK. You can always use Database or File to keep session and cookie values.

Idea could be you serialize the object that you want to keep in Session or Cookie. There are many tools that does serialization for you, I use newtonsoft. Then store it as string in DB along with session key.

For getting it back you can simply fire a query based on session key, get string and deserialize it and you are done :)

Answer 8

Cookies are stored in the clients browser and sent on every request to the server. Therefore cookies are available across IIS restarts or AppDomain recyles.

Session data is by default not kept across AppDomain recycle or IIS restart. The only way to achieve this is to use a session state provider like the one for SQL server.

For this to work the session state provider needs to be able to serialize/deserilize your data in order to persist and restore it from the database, this means that you need to use types which is serializeable in your session.

You could change your code to use other types which are serializeable or store your data in a cookie instead.

Answer 9

By default, Session data is store in memory. Hence, you lost it when IIS restarts. You may consider other out of proc sessionstate provider to store the data, e.g. database, sessionstate service.