Hi. I'm using Form Authentication in ASP.NET 3.5.
I noticed that when my app pool recycles (every 1.5 hour), the users authenticated wuth Forms authentication (that have auth cookie) are logeed off and must re-login.
How to avoid that?
+3
A:
You have your Session Mode set to InProc, which means it's tied to that W3WP instance and flushed on restart. (At least on IIS6, not sure about IIS7)
Use StateServer or SqlServer instead.
Check the MSDN Documentation about sessionState, especially the article about Session-State Modes.
Edit: Paulo made a good comment: InProc sessions can store pretty much every object, while StateServer and SqlServer require them to be Serializable. Also, I'd like to add that they are slower - you can't beat the speed of InProc Sessions as they are stored in memory. On the other side: using State/SqlServer will benefit you if you ever need to add load-balancing to your application. There's pros and cons to all the modes, you have to pick a poison here.
Michael Stum
2010-01-10 22:29:22
True, but using a StateServer or the SqlServer State Provider, reduce the ability to store any object in the Session. Only Serializable objects can be stored this way. And depending on the application, it can have a huge impact on it.
Paulo Santos
2010-01-10 22:32:45
Very true. It can also reduce Performance significantly - Yout have to pick your Poison here.
Michael Stum
2010-01-10 22:34:03