I am getting an exception usually at night on a new project of mine. It is deployed to a hosting provider and visable to everyone.
My exception is:
Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive. Please also make sure that System.Web.SessionStateModule or a custom session state module is included in the <system.web><httpModules> section in the application configuration.
In my web.config there is:
<pages validateRequest="false" enableSessionState="true"
enableViewStateMac="true" enableEventValidation="true"
viewStateEncryptionMode="Always">
The exception is happening while getting Session.SessionID within one of my modules. This module is present on all pages in the application.
The application runs fine when I am here at work - but a night when I am not here this happens. I also never got this error while running application on my local dev machine. So I suspect a bot. Or possibly, hosting company shutting down services for some reason?
Is there any way to prevent this from happening? Like
if(Session.Isavailable)
or something I can add to my function in programmatically?
Related
I'm trying to serve a custom "site down" page instead of the standard YSOD if the server were ever to fail during it's startup. Using <customErrors> inside of web.Config work's fine for any server error occurring after startup has completed successfully, but in this case the YSOD response is not replaced.
Other resources have lead me to adding app_offline.htm to the root of the project and playing with its name during deployment, but this does not tackle unexpected server issues occurring during startup.
Is there a way to serve a "default" page if there are any errors or a proper HTTP response could not be formed?
Yes there is a way to do that but that depends how you want to handle those errors.
If you want to redirect to the same error page on any 4xx or 5xx status codes then you can use the below code in your web.config file
<customErrors mode="On" defaultRedirect="Error.aspx">
</customErrors>
In error page you can display some user friendly message.
Good Day!
I just need some help regarding this issue that I'm encountering using BotDetect Captcha.
Issue: Session Troubleshooting: New Session Initialized on Postback, potential timeout or Session resume problem
I'm using version 4.1.0.0 of BotDetect.dll in asp.net/SharePoint site.
The issue is happening upon clicking the Submit button in the page and when it postback to validate the page inputs, the captcha section will fail and show this issue.
This is the code that I use to validate the captcha input:
isValid = BotDetectCaptcha.Validate(CaptchaCodeTextBox.Text.Trim().ToUpper());
if (isValid){ //code here }
The thing that makes me wonder is that this code is working fine in my Dev environment which I'm using default values in the web.config of the site.
However, when we deployed this to the staging server, this error occurs.
One thing to point is the sessionState in dev is just inProc and in staging, it is using a custom sessionState to an SQL DataBase - and I'm not sure if this is the cause.
Here is the sessionState setting in staging:
<sessionState mode="SQLServer" timeout="60" allowCustomSqlDatabase="true" sqlConnectionString="Data Source=<server>;Initial Catalog=<table>;Integrated Security=True;Enlist=False;Pooling=True;Min Pool Size=0;Max Pool Size=100;Connect Timeout=15" />
I have no control of the settings of the iis/site in the server so this is getting harder on my end so I'm hoping someone might be able to point directions on what to check or troubleshoot.
Thank you very much!
It turns out to be a server issue after all. Something with regards to network blocking connections to some resources.Tried to deploy the same to other server and it is working.
We have recently implemented a two way domain trust between Company A and Company B.
A classic asp/asp.net application runs on a single instance of IIS6 (running on win server 2003) within Company A's domain. The application is configured to use Integrated Windows Authentication.
When testing from company B machine, the application can be accessed fine.
The issue that we have identified is with custom error pages configured in IIS.
For example:
Company B clicks on a link to '/non_existent_page.asp', it hangs for a bit and then we eventually receive a user/passwd prompt. We then receive the following error in event viewer
Event Type: Error
Event Source: .NET Runtime 2.0 Error Reporting
Event Category: None
Event ID: 1000
Date: 13/08/2014
Time: 16:00:11
User: N/A
Description:
Faulting application w3wp.exe, version 6.0.3790.3959, stamp 45d6968e, faulting module kernel32.dll, version 5.2.3790.5295, stamp 52f3551e, debug? 0, fault address 0x0000bf93.
This temporarily makes the site unavailable for all users.
The user receives the following error in browser:
You do not have permission to view this directory or page using the
credentials that you supplied because your Web browser is sending a
WWW-Authenticate header field that the Web server is not configured
to accept.
When we enter the same URL directly into the browser's address bar, there is no issue and the custom 404 page is displayed.
The site has been added to the 'Local Intranet' trusted zone.
Broken links to aspx pages are handled by the web.config - so no problem there.
As a work around, we remove the custom 404 page in IIS and use the default file version found in windows\help\iishelp\common - This resolves the issue, but we'd really like to use our own page for these errors.
Any ideas on how we could resolve/debug this would be greatly appreciated.
You might need to have a look at the Edit Custom Error Page under IIS.
IIS --> App --> ErrorPages --> Error Codes that you want to modify
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off".
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's configuration tag to point to a custom error page URL.
That is the default generic error message in ASP.NET.
Re the more specific "what kind of error"; impossible for us to say; it could be a configuration error in web.config, it could be problems talking to the database, it could simply need a hug and some quiet time. Like the message says, either enable remote debug output, or look at the site from the server, and it'll tell you what is actually happening. Or look in the error log (event-viewer by default), which is perhaps more useful.
Note you can replace the error page with something more... user friendly if you like. Like the lolcatz on stackoverflow.com.
Edit the web.config file to have this
<system.web>
<customErrors mode="RemoteOnly"/>
</system.web>
Running the ASP.NET webforms run the application works fine. When the application is idle for 4 to 5 minutes, it is giving this error:
Validation of viewstate MAC failed. If
this application is hosted by a Web
Farm or cluster, ensure that
configuration specifies
the same validationKey and validation
algorithm. AutoGenerate cannot be used
in a cluster.
How can this be solved?
This free online tool: http://aspnetresources.com/tools/machineKey generates a machineKey element under the system.web element in the web.config file.
Here is an example of what it generates:
<machineKey validationKey="1619AB2FDEE6B943AD5D31DD68B7EBDAB32682A5891481D9403A6A55C4F91A340131CB4F4AD26A686DF5911A6C05CAC89307663656B62BE304EA66605156E9B5" decryptionKey="C9D165260E6A697B2993D45E05BD64386445DE01031B790A60F229F6A2656ECF" validation="SHA1" decryption="AES" />
Once you see this in your web.config, the error itself suddenly makes sense.
The error you are getting says
"ensure that configuration specifies the same
validationKey and validation algorithm".
When you look at this machineKey element, suddenly you can see what it is talking about.
Modifying the pages element under the system.web element may not be necessary with this in place. This avoids the security problems associated with those attributes.
By "hard coding" this value in your web.config, the key that asp.net uses to serialize and deserialize your viewstate stays the same, no matter which server in a server farm picks it up. Your encryption becomes "portable", thus your viewstate becomes "portable".
I'm just guessing also that maybe the very same server (not in a farm) has this problem if for any reason it "forgets" the key it had, due to a reset on any level that wipes it out. That is perhaps why you see this error after an idle period and you try to use a "stale" page.
See http://blogs.msdn.com/tom/archive/2008/03/14/validation-of-viewstate-mac-failed-error.aspx
This isn't your problem but it might help someone else. Make sure you are posting back to the same page. Check the action on your form tag and look at the URL your browser is requesting using Firefox Live HTTP Headers.
I ran into this because I was posting back to a page with the same name but a different path.
Modify your web.config with this element:
<pages validateRequest="false"
enableEventValidation="false"
viewStateEncryptionMode ="Never" />
Any more info required, refer to the ASP.NET Forums topic