Banner Ad

Sunday, October 5, 2014

ASP.Net Forums–FAQ #6: ASP.Net Session Expired Problem

By Francis   Posted at   12:29 AM   IIS Tips and Tricks 1 comment
session_expired
Most of the asp.net application using session, especially data driven applications. Mostly these kind of application using “Inproc” mode of session. During development the developer does not face any kind of problem with the session. When deploy the application the problem arise one by one. In this post I just want to share some thoughts and my professional experience on this issue.

Shared Hosting:
                  Long back ago, I have developed one small application and bought hosting “shared” hosting plan. In this point the pain started, what happened is session has been shared between the user and session has been expired soon. After some chat with my provider I came to know that they also use web-farm (also using Load balancer) plus shared hosting. In order to maintain the session of a user, the machine key must be same between the server. But that kind of provisions not given by that host provider. However, the session time out set is 20 minutes. If the Load balancer problem fixed also your user will be push out from application 20 minutes.
                  So what is my point over here is, if you have an application, tightly coupled with Session means, you should consider about this.

Apart from the above one, if you are hosted your application in an individual server and encountered the same in your environment then you should consider the below points:
In Web.Config:
Session State Node:
                    As a first step, check that web.config contains a valid entry on the “sessionState”. The “timeout” attribute denotes the idle time in minutes before a session is abandoned. By default, the time is 20 minutes. You can find more info about the “sessionState” in the below MSDN url:
http://msdn.microsoft.com/en-us/library/h6bb9cz9(v=vs.71).aspx

Form Authentication:
                       Some times form authentication will create some tricks. Scott Hanselman gives a detailed overview on this topic.
http://www.hanselman.com/blog/WeirdTimeoutsWithCustomASPNETFormsAuthentication.aspx
In IIS:
In IIS, select the “Application Pools” node, and select the application pool you have used and then select “Advanced Settings”.
     
App_pool_in_IIS


In the “Advanced Settings” popup, under the “Process Model” set the property “Idle Time-out (minutes)”.
IIS_AdvancedSettings

There is another property called, “Regular Time Interval” under the “Recycling” node. This property is used to specify the period of time after that application pool will recycle.
IIS_AdvancedSettings_2
Apart from these, some times if anti-virus software will do the trick. During the scanning of the web.config file it will update the web.config file's date time (not the content). Which can be notified by the ASP.Net runtime, in turn it will recycle the app pool. To avoid this type of scenario, it is always best to keep away the web.config file from anti-virus program scanning.

About Francis

Francis, an Associate at Cognizant. Having 7+ Years of experience in Microsoft web technologies.

1 comment :

Please give your valuable comments to improve the contents

Connect with Us