tags:

views:

811

answers:

4
+3  Q: 

ASP session expiration issue

Hello everyone,

Some of my legacy program is using ASP (not ASP.Net), and even if I set long session expire time for example to 20 minutes, sometimes in short time (e.g. in several minutes) I will still notice session expire error box -- "too much idle time, please login again".

Any ideas to analalyze further? Not sure whether it is my code bug or server (browser) configuration issue? Since not all client/server met with this strange issue.

BTW: the session expire box is triggred by my code:

<%
    if session("timeToken") = "" then
%>

<script language = "JavaScript">
<!--
window.alert ("too much idle time, please login again");
//-->
</script>
<%
response.End()
end if
%>

thanks in advance, George

+1  A: 

A couple of ideas based on your update:

  1. Is there another reason your session("timeToken") could be empty? Another piece of code somewhere or perhaps the variable was misspelled somewhere?

  2. How does the actual value of session("timeToken") change in your code? Is it set when the session starts? Is it updated periodically? What value does it store?

The code you've written seems to be fine, so if it's not a code issue it will likely be a genuine session problem... just some things to check first.

Updates:

  • ASP session state is generally maintained using cookies - could you check that the client has cookies enabled?
  • Is the ASP application served by more than one server? If it's being served from a web farm or cluster, you'll need to make sure that session state can persist across the machines or that a user's session is "sticky" - that is, it's always served by the same server.

More information and help can be found here: http://msdn.microsoft.com/en-us/library/ms972338.aspx

Damovisa  2009-06-04 10:41:05
What do you mean "2.How does the actual value of session("timeToken") change?" -- in what situations will it change automatically out of my code?
George2  2009-06-04 10:47:16
Appreciate if you could let me know any settings from IIS or OS or browser side which impact session expiration?
George2  2009-06-04 10:49:59
Sorry for the delay - I've put some more ideas in my answer
Damovisa  2009-06-05 05:45:56
@Damovisa, a further question. Is it elegant code to check whether session variable is String.Empty to decide whether session expires as I showed in my original code? I have this confusion because I did not find formal documents which mention this is elegant way.
George2  2009-06-05 15:03:34
My client enables session and I am using single web server to host the web application, using in-process session management.
George2  2009-06-05 15:06:57
@George2 - I don't know if I'd call it elegant - it should work though. Have a look at the second question in my answer as well - I haven't got a clear idea of how you're using this session variable. It could be something as simple as it being explicitly set to "" at some point...
Damovisa  2009-06-09 00:08:18
+1  A: 

Make sure you site stays in the same case sensitive folders

e.g.

http://myserver.com/MyWebSite/

does not have the same session cookie as

http://myserver.com/mywebsite/

So it would log you out.

u07ch  2009-06-04 14:45:27
First I've heard of that behaviour? Can you supply any references for this?
AnthonyWJones  2009-06-04 15:14:56
"Many Web browsers, including Microsoft Internet Explorer version 4.0, or later, and Netscape browsers, preserve the case of the cookie path." http://msdn.microsoft.com/en-us/library/ms525506.aspx
u07ch  2009-06-04 16:06:40
and lots and lots of bitter experience when IE 4 came out and my ASP application was ruined ;)
u07ch  2009-06-04 16:07:25
@u07ch, we are using IE 7 or IE 8. Seems this issue is not for IE 7 or IE 8?
George2  2009-06-05 14:45:25
+1  A: 

It could be the IIS limitation on your application seesion timeout.

Try this:

  1. Right click on you app folder in IIS
  2. Then go Properties -> Virtual Directory Tab -> Then the Configuration Button on the right bottom
  3. If it's disabled, then create the application first clicking the button Create
  4. Under the configuration window click on the Options tab and you will find SESSION TIMEOUT set by default to 20(mins)

hope this is the aswer to your prayers :)

100r  2009-06-04 14:51:03
Never solves me issue, any other hints or new ideas?
George2  2009-06-06 04:37:19
+1  A: 

Check that the application pool your app runs in is not recycling for some reason. For example does it have a more aggressive idle timeout (in a test scenario you may be the only on using the app and hence your not using it constitutes not just an idle session but an idle application).

The all sorts of different reasons that tha app pool can be configured for that will trigger a recycle.

Check the event logs when you have an unexcepted timeout, does anything look unusual there?

AnthonyWJones  2009-06-04 15:19:20
I am interested in your reply, a few questions/comments, 1. why application pool recycling will make session timeout (I think IIS should be well designed that is there is live session, should not make application pool recycling) and how to check current timeout setting in IIS? 2. From Windows event log or from IIS log, is it able to check whether session timeout issue is caused by application pool recycle? 3. "Check the event logs when you have an unexcepted timeout" -- event log of IIS? of OS or of my application?
George2  2009-06-05 14:38:14
@George: 1. It is not bad design for IIS to timeout in this way. It is good design that the app pool understands little about the sorts of applications running in it. Hence its quite appropriate that it is ignorant of application specific features such as session management. In IIS 6 manager open app pools branch, select properties on a pool, on performance tab there is a Idle timeout section. In IIS 7 click Advanced Settings... in the actions pane once you have select the app pool, the idle timeout is in the Process Model category.
AnthonyWJones  2009-06-05 17:36:44
@George: 2 and 3. Not specifically but unexpected recycles are logged. In IIS7 Advanced Settings for an app pool also has a Generate Recycle Event Log Entry value where you can configure what recycle events generate logs. I wouldn't be surprised if IIS 6 had such a feature but its not exposed in the management UI that I can see.
AnthonyWJones  2009-06-05 17:39:59
@AnthonyWJones, 1. if I set session timeout in my code explicitly, and also configured session timeout in IIS concole, and also configured application pool idle time, which one will take effect? 2. I think the application pool restart or idle for some time, sessions will all be expired, correct? If yes, I am interested how will application pool treat idle? The same as how ASP treats idle (in the context of session expire)?
George2  2009-06-06 04:41:27

related questions

Is there a way to clear a user's brower of my page, or say not to use cache?
Displaying the current authenticated Sharepoint user from an asp.net Page Viewer Web Part
Tools for converting from ASP to ASP.NET?
XML based website - how to create?
IIS ASP Caching
"Expires" in http header for static content? how-to
Asp XML Parsing
Checking if another web server is listening from asp
Membership bulk email software
Customizing Search Results Display in Sharepoint Services 3.0 Wiki
What to put in a session variable
Looking for ways to automate web site testing
python cgi on IIS
asp consuming a web service, what do do with recordset object ?
Asp.net path compaction
How to compress JPEG images with ASP on Windows CE
Best practices for refactoring classic ASP?
What's the best way to manage a classic asp front-end using Visual Studio 2008?
IIS 6/COM+ hangs
Printers not available unless shared.
Calling REST web services from a classic asp page
Creating iCal Files in c#
Best references for secure coding practices in ASP.NET and classic ASP.
LinqDataSource - Can you limit the amount of records returned?
ASP, need to use SFTP