views:

148

answers:

6

I was recently given an older ASP web application to maintain. I haven't touched it much, from what I understand, the actual VB6 project files are gone, so I only have the ASP files themselves to work with. Recently, users began complaining of being logged off, sometimes after a minute or less. I tried myself, and logged in once, clicked another link which checks authentication before showing page content, but had to log in again before going back to the page and having it show the content. This behavior seems to have just popped up, as no one has touched it, and it hasn't shown this type of behavior before. Any suggestions on where to begin? Thanks.

A: 

Is the authentication token being stored in a cookie, and cookies are now turned off in your browser?

A: 

Is it possible that the application's configuration parameters were changed? Or the IIS configuration (or a newer version of IIS)? Were there any system-level changes?

jdigital
I looked at eventvwr and haven't seen anyone besides me login, and I've changed nothing.
lush
A: 

If no one has modified anything, and no one has logged into the box, have you considered doing an iisreset just to make sure your not chasing some rare oddity? I hate resorting to iisresets but when all else fails...

If you could provide more info like the type of authentication, how its being stored (client cookie or some other method) etc...we might be able to help more.

goodluck

JoshBerke
I believe it's stored via cookie, but I'll look into that and edit my question. Thanks.
lush
A: 

what are you using to maintain state? Is it possible you are losing session due to a webfarm/webgarden scenerio? I have seen things run fine for a long time then all the sudden, the app (ok, asp.net) starts picking/choosing which proc it wants to communicate with.

schmoopy
No, it's not on a webfarm, just a single server.
lush
A: 

Can you provide us some more information?
In this way we can provide you with more specific answers.

eg. Where does the code store the session information?

TomWij
+1  A: 

As there are many ways to store user session, it's hard to tell what's happening here without more information.

If users are being logged off "randomly" that suggests to me that you are using the Session object to store authentication information. One of the following may be happening:

  1. IIS is recycling (restarting) your application. This blows away your Session objects. More info: http://msdn.microsoft.com/en-us/library/ms525803.aspx

  2. This is somewhat basic, but are you using more than one web server in some kind of load-balancing configuration? The session object is machine-specific.

Another possibility. This would apply even if you are not using the Session object. I have seen this happen many times.

  1. Is your application accessible via multiple URLs? In other words, both http://www.mysite.com and http://mysite.com. Cookies (and sessions) are domain specific and those count as two separate domains. Perhaps they're being bounced around between the two sites thanks to factors such as having pages from both domains bookmarked or because of non-relative links/redirects within your site.
John Booty