updating an existing asp.net website kicks off users

Question

When I update an ASP.NET Website [note: it's not a Web Application] running on a customer server by overwriting it with the latest version it currently kicks all the users off.

I'd prefer to be able to deliver a new version of a site without kicking off users - is there a way to minimise the chance that users will get kicked off? [apart from the obvious one of waiting for a time of low-usage]

If I moved from InProc to Session State I guess this might do the trick - but is there any other method?

Answer 1

Chaning away from InProc Session State should help.

The problem now is that any time your app is reset in IIS (overwriting the web.config will cause a restart), the IIS Worker process restarts and clears your session info.

Check out this MSDN Page to read the limitations of In-Process Session State:

Session State - MSDN

Answer 2

I think additionally to what you are suggesting, it will be appropriate to display an "update in progress..." page instead of kicking off users. You can do that by changing your web.config file.

Answer 3

Session IDs are valid for the lifetime of the application pool, or until (I believe) 20 minutes following the last page request from the client in question. This is configurable in web.config:

<configuration>
  <system.web>
     <sessionState 

         cookieless="false" 
         timeout="20" 
     </sessionState>
  </system.web>
</configuration>

If the application pool is recycled, files within the application are updated, etc, your session IDs will be invalidated. For this reason it is considered wise to deploy your site during off-peak hours.

Answer 4

Design your application to not rely on the existence of session state variables. Use cookies for authentication (or integrated auth) and check for session variables as you use them; reload them if they don't exist.