tags:

views:

53

answers:

1
+1  Q: 

Session expiring after 20 minutes: Whether idle or not.

I'm having some trouble with users losing session data whilst going through an application form. It appears that they're losing session state part way through application forms. (ASP.NET 4.0 WebForms project, IIS 6.0)

Session is stored out-of-process in the state server so it's not config changes, appdomain recycling, etc AFAIK.

<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" timeout="20" />

I am using Forms Authentication, sliding expiration is working correctly as you can see from the logging below - You can see the ticket expiration time is correct and being extended as exprected.

<authentication mode="Forms">
   <forms loginUrl="~/Login.aspx" />
</authentication>

I have enabled some custom logging to try to track this down. On every Session_Start fire in global.asax I log something, and I also log something every time somebody loads the application form or clicks 'Next' to move between sections (in a MultiView) as they go through the app form.

Here are two examples of people losing their session state. The log starts with the date/time of the log entry, then some wording. The second date/time in brackets (after the wording) is the expiration date/time of the FormsAuthentication cookie as derived from CType(ctx.User.Identity, FormsIdentity).Ticket.Expiration.ToString

The logging also logs the user's IP Address and session ID. I have removed these before pasting them here, I can confirm the IP address and Session ID are the same for all the log entries.

Example 1:

**[26/10/2010 13:07]    Session started []**
[26/10/2010 13:11]  Application form first Page_Load [26/10/2010 13:31:19]
[26/10/2010 13:13]  App form next clicked, current index is 1 (vwSection1) [26/10/2010 13:31:19]
[26/10/2010 13:14]  App form next clicked, current index is 2 (vwSection2) [26/10/2010 13:31:19]
[26/10/2010 13:15]  App form next clicked, current index is 3 (vwSection3) [26/10/2010 13:31:19]
[26/10/2010 13:20]  App form next clicked, current index is 5 (vwSection4) [26/10/2010 13:31:19]
[26/10/2010 13:20]  App form next clicked, current index is 6 (vwSection5) [26/10/2010 13:31:19]
[26/10/2010 13:20]  App form next clicked, current index is 7 (vwMonitoring) [26/10/2010 13:31:19]
[26/10/2010 13:21]  App form next clicked, current index is 8 (vwInformation) [26/10/2010 13:31:19]
[26/10/2010 13:22]  Application form first Page_Load [26/10/2010 13:41:22]
[26/10/2010 13:25]  App form next clicked, current index is 1 (vwSection1) [26/10/2010 13:41:22]
[26/10/2010 13:26]  App form next clicked, current index is 2 (vwSection2) [26/10/2010 13:41:22]
[26/10/2010 13:26]  App form next clicked, current index is 3 (vwSection3) [26/10/2010 13:41:22]
[26/10/2010 13:28]  App form next clicked, current index is 5 (vwSection4) [26/10/2010 13:41:22]
[26/10/2010 13:28]  App form next clicked, current index is 6 (vwSection5) [26/10/2010 13:41:22]
[26/10/2010 13:28]  App form next clicked, current index is 7 (vwMonitoring) [26/10/2010 13:41:22]
[26/10/2010 13:28]  App form next clicked, current index is 8 (vwInformation) [26/10/2010 13:41:22]
**[26/10/2010 13:28]    Session started [26/10/2010 13:41:22]**
[26/10/2010 13:31]  Application form first Page_Load [26/10/2010 13:51:24]
[26/10/2010 13:31]  App form next clicked, current index is 1 (vwSection1) [26/10/2010 13:51:24]
[26/10/2010 13:32]  App form next clicked, current index is 2 (vwSection2) [26/10/2010 13:51:24]
[26/10/2010 13:32]  App form next clicked, current index is 3 (vwSection3) [26/10/2010 13:51:24]
[26/10/2010 13:32]  App form next clicked, current index is 5 (vwSection4) [26/10/2010 13:51:24]
[26/10/2010 13:32]  App form next clicked, current index is 6 (vwSection5) [26/10/2010 13:51:24]
[26/10/2010 13:32]  App form next clicked, current index is 7 (vwMonitoring) [26/10/2010 13:51:24]
[26/10/2010 13:32]  App form next clicked, current index is 8 (vwInformation) [26/10/2010 13:51:24]

Example 2:

**[24/10/2010 17:44]    Session started []**
[24/10/2010 17:50]  Application form first Page_Load [24/10/2010 18:10:13]
[24/10/2010 18:00]  App form next clicked, current index is 1 (vwSection1) [24/10/2010 18:20:40]
**[24/10/2010 18:07]    Session started [24/10/2010 18:20:40]**
[24/10/2010 18:08]  App form next clicked, current index is 2 (vwSection2) [24/10/2010 18:20:40]
[24/10/2010 18:10]  App form next clicked, current index is 2 (vwSection2) [24/10/2010 18:20:40]
[24/10/2010 18:10]  App form next clicked, current index is 1 (vwSection1) [24/10/2010 18:30:42]
[24/10/2010 18:10]  App form next clicked, current index is 1 (vwSection1) [24/10/2010 18:30:52]
[24/10/2010 18:10]  App form next clicked, current index is 1 (vwSection1) [24/10/2010 18:30:58]
[24/10/2010 18:12]  Application form first Page_Load [24/10/2010 18:31:35]
[24/10/2010 18:12]  App form next clicked, current index is 1 (vwSection1) [24/10/2010 18:31:35]
[24/10/2010 18:13]  App form next clicked, current index is 2 (vwSection2) [24/10/2010 18:31:35]
[24/10/2010 18:13]  App form next clicked, current index is 2 (vwSection2) [24/10/2010 18:31:35]
[24/10/2010 18:16]  App form next clicked, current index is 3 (vwSection3) [24/10/2010 18:31:35]
[24/10/2010 18:16]  App form next clicked, current index is 5 (vwSection4) [24/10/2010 18:31:35]
[24/10/2010 18:17]  App form next clicked, current index is 6 (vwSection5) [24/10/2010 18:31:35]
[24/10/2010 18:18]  App form next clicked, current index is 7 (vwMonitoring) [24/10/2010 18:31:35]
[24/10/2010 18:18]  App form next clicked, current index is 8 (vwInformation) [24/10/2010 18:31:35]

You can see in the first example that the session originally started at 13:07 but was also started at 13:28.

You can see in the second example that the session originally started at 17:44 and was restarted at 18:07.

I understand that these times are 20 minutes after the session started. But the session was not idle. You can see it was not idle because of the rest of the log. Clicking "Next" in the application form gets something an object out of session state

Dim m As Member = StateManager.CurrentMember

then gets/sets the properties of "m".

So, to me, it looks like even though the user is not idle and accessing their session variables, that they are still losing their sessions exactly 20 minutes after they began. Note that in my Base Page (which all pages inherit from, the Base Page inherits System.Web.UI.Page) I have now started writing the current millisecond into session state so I am constantly writing into session.

The user is losing their session state because StateManager.CurrentMember (which is just HttpContext.Current.Session("CurrentMember")) returns null. This then gives an unhandled exception when I try to attach it to an entity framework Data Context - so the users see my generic error handling page.

Any ideas appreciated.

+1  A: 

You mention that you are using FormsAuthentication. Do you have the sliding expiration attribute set to true?

http://msdn.microsoft.com/en-us/library/1d3t3c61(v=VS.100).aspx

rchern  2010-10-26 13:57:18
Thank you for your answer. Sliding expiration is not specified so it's gone to the default of true. The user is not being logged out and asked to login again, they are just losing session data. You can see sliding expiration is working correctly from the log - look at the last timestamp on the lines which shows the ticket expiration time - this is being extended appropriately but session_start still fires again. Will update my Q.
bgs264  2010-10-26 14:11:44

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps