views:

53

answers:

1

I'm having some trouble with users losing session data whilst going through an application form. It appears that they're losing session state part way through application forms. (ASP.NET 4.0 WebForms project, IIS 6.0)

Session is stored out-of-process in the state server so it's not config changes, appdomain recycling, etc AFAIK.

<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" timeout="20" />

I am using Forms Authentication, sliding expiration is working correctly as you can see from the logging below - You can see the ticket expiration time is correct and being extended as exprected.

<authentication mode="Forms">
   <forms loginUrl="~/Login.aspx" />
</authentication>

I have enabled some custom logging to try to track this down. On every Session_Start fire in global.asax I log something, and I also log something every time somebody loads the application form or clicks 'Next' to move between sections (in a MultiView) as they go through the app form.

Here are two examples of people losing their session state. The log starts with the date/time of the log entry, then some wording. The second date/time in brackets (after the wording) is the expiration date/time of the FormsAuthentication cookie as derived from CType(ctx.User.Identity, FormsIdentity).Ticket.Expiration.ToString

The logging also logs the user's IP Address and session ID. I have removed these before pasting them here, I can confirm the IP address and Session ID are the same for all the log entries.

Example 1:

**[26/10/2010 13:07]    Session started []**
[26/10/2010 13:11]  Application form first Page_Load [26/10/2010 13:31:19]
[26/10/2010 13:13]  App form next clicked, current index is 1 (vwSection1) [26/10/2010 13:31:19]
[26/10/2010 13:14]  App form next clicked, current index is 2 (vwSection2) [26/10/2010 13:31:19]
[26/10/2010 13:15]  App form next clicked, current index is 3 (vwSection3) [26/10/2010 13:31:19]
[26/10/2010 13:20]  App form next clicked, current index is 5 (vwSection4) [26/10/2010 13:31:19]
[26/10/2010 13:20]  App form next clicked, current index is 6 (vwSection5) [26/10/2010 13:31:19]
[26/10/2010 13:20]  App form next clicked, current index is 7 (vwMonitoring) [26/10/2010 13:31:19]
[26/10/2010 13:21]  App form next clicked, current index is 8 (vwInformation) [26/10/2010 13:31:19]
[26/10/2010 13:22]  Application form first Page_Load [26/10/2010 13:41:22]
[26/10/2010 13:25]  App form next clicked, current index is 1 (vwSection1) [26/10/2010 13:41:22]
[26/10/2010 13:26]  App form next clicked, current index is 2 (vwSection2) [26/10/2010 13:41:22]
[26/10/2010 13:26]  App form next clicked, current index is 3 (vwSection3) [26/10/2010 13:41:22]
[26/10/2010 13:28]  App form next clicked, current index is 5 (vwSection4) [26/10/2010 13:41:22]
[26/10/2010 13:28]  App form next clicked, current index is 6 (vwSection5) [26/10/2010 13:41:22]
[26/10/2010 13:28]  App form next clicked, current index is 7 (vwMonitoring) [26/10/2010 13:41:22]
[26/10/2010 13:28]  App form next clicked, current index is 8 (vwInformation) [26/10/2010 13:41:22]
**[26/10/2010 13:28]    Session started [26/10/2010 13:41:22]**
[26/10/2010 13:31]  Application form first Page_Load [26/10/2010 13:51:24]
[26/10/2010 13:31]  App form next clicked, current index is 1 (vwSection1) [26/10/2010 13:51:24]
[26/10/2010 13:32]  App form next clicked, current index is 2 (vwSection2) [26/10/2010 13:51:24]
[26/10/2010 13:32]  App form next clicked, current index is 3 (vwSection3) [26/10/2010 13:51:24]
[26/10/2010 13:32]  App form next clicked, current index is 5 (vwSection4) [26/10/2010 13:51:24]
[26/10/2010 13:32]  App form next clicked, current index is 6 (vwSection5) [26/10/2010 13:51:24]
[26/10/2010 13:32]  App form next clicked, current index is 7 (vwMonitoring) [26/10/2010 13:51:24]
[26/10/2010 13:32]  App form next clicked, current index is 8 (vwInformation) [26/10/2010 13:51:24]

Example 2:

**[24/10/2010 17:44]    Session started []**
[24/10/2010 17:50]  Application form first Page_Load [24/10/2010 18:10:13]
[24/10/2010 18:00]  App form next clicked, current index is 1 (vwSection1) [24/10/2010 18:20:40]
**[24/10/2010 18:07]    Session started [24/10/2010 18:20:40]**
[24/10/2010 18:08]  App form next clicked, current index is 2 (vwSection2) [24/10/2010 18:20:40]
[24/10/2010 18:10]  App form next clicked, current index is 2 (vwSection2) [24/10/2010 18:20:40]
[24/10/2010 18:10]  App form next clicked, current index is 1 (vwSection1) [24/10/2010 18:30:42]
[24/10/2010 18:10]  App form next clicked, current index is 1 (vwSection1) [24/10/2010 18:30:52]
[24/10/2010 18:10]  App form next clicked, current index is 1 (vwSection1) [24/10/2010 18:30:58]
[24/10/2010 18:12]  Application form first Page_Load [24/10/2010 18:31:35]
[24/10/2010 18:12]  App form next clicked, current index is 1 (vwSection1) [24/10/2010 18:31:35]
[24/10/2010 18:13]  App form next clicked, current index is 2 (vwSection2) [24/10/2010 18:31:35]
[24/10/2010 18:13]  App form next clicked, current index is 2 (vwSection2) [24/10/2010 18:31:35]
[24/10/2010 18:16]  App form next clicked, current index is 3 (vwSection3) [24/10/2010 18:31:35]
[24/10/2010 18:16]  App form next clicked, current index is 5 (vwSection4) [24/10/2010 18:31:35]
[24/10/2010 18:17]  App form next clicked, current index is 6 (vwSection5) [24/10/2010 18:31:35]
[24/10/2010 18:18]  App form next clicked, current index is 7 (vwMonitoring) [24/10/2010 18:31:35]
[24/10/2010 18:18]  App form next clicked, current index is 8 (vwInformation) [24/10/2010 18:31:35]

You can see in the first example that the session originally started at 13:07 but was also started at 13:28.

You can see in the second example that the session originally started at 17:44 and was restarted at 18:07.

I understand that these times are 20 minutes after the session started. But the session was not idle. You can see it was not idle because of the rest of the log. Clicking "Next" in the application form gets something an object out of session state

Dim m As Member = StateManager.CurrentMember

then gets/sets the properties of "m".

So, to me, it looks like even though the user is not idle and accessing their session variables, that they are still losing their sessions exactly 20 minutes after they began. Note that in my Base Page (which all pages inherit from, the Base Page inherits System.Web.UI.Page) I have now started writing the current millisecond into session state so I am constantly writing into session.

The user is losing their session state because StateManager.CurrentMember (which is just HttpContext.Current.Session("CurrentMember")) returns null. This then gives an unhandled exception when I try to attach it to an entity framework Data Context - so the users see my generic error handling page.

Any ideas appreciated.

+1  A: 

You mention that you are using FormsAuthentication. Do you have the sliding expiration attribute set to true?

http://msdn.microsoft.com/en-us/library/1d3t3c61(v=VS.100).aspx

rchern
Thank you for your answer. Sliding expiration is not specified so it's gone to the default of true. The user is not being logged out and asked to login again, they are just losing session data. You can see sliding expiration is working correctly from the log - look at the last timestamp on the lines which shows the ticket expiration time - this is being extended appropriately but session_start still fires again. Will update my Q.
bgs264