I have a web forms application that I tested and works good locally.
When i upload it to a web server that hosts my site, it often just logs out users(they get redirected to the Account/Login.aspx page).
It doesn't produce an error in application so i dont know how to debug it properly but i think that it happens during page load event because users get logged out of the application sometimes(not always) after they make some changes, but the changes stay saved.
I think for some reason my session variable that keeps the login of the user gets reset.
If you have an idea or point me in some direction what and how i can investigate this issue, i would really appreciate it.
This is my code that runs on page load in my site Master.cs, maybe it helps:
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Session["UserId"] == null)
{
Response.Redirect("~/Account/login.aspx");
}
if (!Session["Role"].ToString().Equals("Coach"))
{
if (Session["Role"].ToString().Equals("Administrator"))
Response.Redirect("~/AdminForm/AdminHome.aspx");
if (Session["Role"].ToString().Equals("User"))
Response.Redirect("~/Form/Progress.aspx");
}
}
}
Thank You!
Did you set the timeout in your web.config file?
system.web>
<authentication mode="Forms">
<forms timeout="50000000" slidingExpiration="true"/>
</authentication>
</system.web>
If you users are on the site for more than 20 minutes it will log out. You can try web.config or IIS settings it will not help.
I found the best way to handle this is to use a KeepAlive page in and hidden iFrame that posts back to the server every 18 minutes. This will keep the worker process running and the site will never time out.
I have used this method on Internally Facing sites since the end users want to be on the site 8 to 5 without getting logged out.
Sample project at this link
Related
Good Day!
I just need some help regarding this issue that I'm encountering using BotDetect Captcha.
Issue: Session Troubleshooting: New Session Initialized on Postback, potential timeout or Session resume problem
I'm using version 4.1.0.0 of BotDetect.dll in asp.net/SharePoint site.
The issue is happening upon clicking the Submit button in the page and when it postback to validate the page inputs, the captcha section will fail and show this issue.
This is the code that I use to validate the captcha input:
isValid = BotDetectCaptcha.Validate(CaptchaCodeTextBox.Text.Trim().ToUpper());
if (isValid){ //code here }
The thing that makes me wonder is that this code is working fine in my Dev environment which I'm using default values in the web.config of the site.
However, when we deployed this to the staging server, this error occurs.
One thing to point is the sessionState in dev is just inProc and in staging, it is using a custom sessionState to an SQL DataBase - and I'm not sure if this is the cause.
Here is the sessionState setting in staging:
<sessionState mode="SQLServer" timeout="60" allowCustomSqlDatabase="true" sqlConnectionString="Data Source=<server>;Initial Catalog=<table>;Integrated Security=True;Enlist=False;Pooling=True;Min Pool Size=0;Max Pool Size=100;Connect Timeout=15" />
I have no control of the settings of the iis/site in the server so this is getting harder on my end so I'm hoping someone might be able to point directions on what to check or troubleshoot.
Thank you very much!
It turns out to be a server issue after all. Something with regards to network blocking connections to some resources.Tried to deploy the same to other server and it is working.
I have a problem with my project Asp.net mvc 1.0, with .net framework 2.0. My application is hosted on a IIS 7.5. My authentication form looks like this:
<authentication mode="Forms">
<forms protection="All" loginUrl="~/Account/LogOn" timeout="60" cookieless="UseUri" />
</authentication>
<httpRuntime executionTimeout="1000" maxRequestLength="600000" />
<sessionState mode="InProc" cookieless="UseUri" timeout="60">
</sessionState>
When a user connects to the webpage, he receives a session id which is stored in the URL. When I connect to my webpage with the default UserAgent (in every browser, Chrome/FF/IE) everything works fine. When I override the browser UserAgent and try to connect with the User agent XXXXXXXX.UP.BROWSER, I receive an infinite redirection loop to address
http://<IP>_redir=1
But when I connect to the default webpage IIS - the user agent doesn't matter and everything loads fine, so it must be a problem with the specified UserAgent and my Application. I tried to find any filters for that XXXXXXXX.UP.BROWSER UserAgent but there aren't any. When I studied application lifecycle I tried to find the differences between good connection and wrong connection and found that functions which are NOT executed are:
Application_AcquireRequestState
Application_PostAcquireRequestState
Application_PreRequestHandlerExecute
Application_PostRequestHandlerExecute
Application_ReleaseRequestState
Application_PostReleaseRequestState
Application_UpdateRequestCache
Application_PostUpdateRequestCache
and another clue I found is that there is no Session in "wrong" connection - Session object is null.
To sum it up: The connection to my application web page with a specified user agent makes an infinite redirection loop, probably because of the lack of the session ID. What could be the problem ?
EDIT: I discovered that User Agent that contains "UP.Browser" is related to mobile. When I changed cookieless to "UseCookies" everything works. Why option "UseUri" doesn't work for mobiles?
EDIT2 : /admin -> my webpage hosted on specified IP address.
Good connection :
Wrong connection:
Sorry, I don't know how to make these images bigger.
http://msdn.microsoft.com/en-us/library/aa479315.aspx
So you're putting two different values into the URI, one for session and one for forms, which would probably create a lengthy URI:
"The principal limitation of this feature is the limited amount of data that can be stored in the URL. This feature is not targeted at common browsers such as IE, since these do support cookies and do not require this feature. The browsers that do not support cookies are the ones found on mobile devices (such as phones), and these browsers typically severely limit the size of the URL they support. So, be careful when you use this feature—try to make sure that the cookieless string generated by your application is small."
My guess is that the key to the infinite redirect loop is this functionality:
"// Step 5: We can't detect if cookies are supported or not. So, send a
// challenge to the client. We do this by sending a cookie, as
// well as setting a query string variable, and then doing a
// redirect back to this page. On the next request, if cookie
// comes back, then Step 3 will report that "cookies are
// supported". On the other hand, if the next request does not
// have any cookies, then Step 4 will report "cookies not
// supported".
SetAutoDetectionCookie();
Redirect(ThisPage + Our_auto_detect_challenge_variable);"
Unfortunately, this sounds like a bit of an architecture rethink, as it's probably going to now matter what the full path to your site is and you may have to drop automatic handling of forms authentication.
As you said the issue is for mobile browsers, I think this issue is limited to the devices(MOBILE) where the cookies are not supported and the Size of the URL increases and mobile browser severely limit that size, as mentioned in the MSDN reference article above.
My solution was to change User Agent containing "UP.Browser" to something else using rewrite rule. Everything works fine ;)
Edit: I found another clue.
In mobile browser - these with user agents containing "UP.Browser", it was necessary to add slash at the of the address.
In conclusion:
Everything works fine for user agents not related with "UP.Browser".
User agents containing "UP.Browser" needed address like:
http://addr/controller/
I don't know why it is necessary. Any ideas?
I want my web page to close when SessionState timeout occures. This is my code in my web config:
<system.web>
<sessionState timeout="1" mode="InProc"/>
</system.web>
I set to 1 minute for testing purposes. The following is my Global.asax code:
protected void Session_End(object sender, EventArgs e)
{
Response.Redirect("~/LogOut.aspx");
}
I put a label on one of the pages in order to check the session timeout, this is the code in the Page_Load event:
lblSession.Text = "SESSION TIME: " + Session.Timeout.ToString();
When I enter the site and come to this page the label shows SESSION TIME: 1, but after 1 minute I don't get redirected to the LogOut page and the present page is still fully active and working, apparently meaning that the session has not been terminated.
I am working in Visual Studio 2008 thru the development server so suggestions I've seen relating to IIS settings don't seem to be relevant at this stage.
Please help!
HTTP is a request / response protocol. There is no persistent connection between the browser and the server. The code in Session_End thus effectively does nothing — it can't tell the browser to do anything.
You would need to make a (client-side) JavaScript timer and actively load the logout page right before the session timeout elapses.
Session_End in my experience gets called on the first postback (could be implemented via a client-side Timer) after the timeout occurred - whenever that might be... if the user just closes the browser this event may never be called (except for the case you made a specific JS handler unload to do the postback in that situation).
For some information see:
http://justgeeks.blogspot.com/2008/07/aspnet-session-timeouts.html
http://www.highoncoding.com/ArticleDetails.aspx?articleID=108
http://forums.asp.net/t/1271309.aspx/2/10
http://www.codeproject.com/KB/aspnet/PageTracking.aspx
http://p2p.wrox.com/asp-pro-code-clinic/1648-session_onend-not-firing.html
http://aspalliance.com/1182_Troubleshooting_Session_Related_Issues_in_ASPNET.all
This doesn't seem to be the correct way of testing your session timeout. Try putting something in the session variables. Don't touch the page for another couple of minutes, and try reading it back from Session. If your session is alive, you should be able to see the variables, else... you won't.
Learn more about session and troubleshooting session... http://aspalliance.com/1182_Troubleshooting_Session_Related_Issues_in_ASPNET
Is there any way to clear the ASP.NET session when the system looses its connection? I guess it could be implemented using JavaScript can anyone tell me how?
Page must be automatically redirect to logout.aspx after system gets connected to internet again.
For more clarity, chat scripts shows online and offline notification. It means for example when his Gmail page is ON his contacts can see him status as green. When his page is OFF his contacts see it OFF. How this is implemented?
Well you can use session timeout in ASP.NET for disconnecting the user on inactivity for certain duration. Its usage in web.config file:
<system.web>
|
|
<authentication mode="Forms" />
<sessionState mode="InProc" timeout="20"/>
|
|
</system.web>
HTTP is a stateless protocol as all other have said so....
I do not understand what do you mean by the when the system looses its connection. An ambiguous answer to the same can be: You can also edit your global.asax file for clearing session. You can use Session.Abandon() in the methods: Session_End and Application_End. A little demonstratively:
void Session_End(object sender, EventArgs e)
{
Session.Abandon();
// Code that runs when a session ends.
}
void Application_End(object sender, EventArgs e)
{
Session.Abandon();
// Code that runs on application shutdown
}
I suggest just using the sessions timeout in ASP if you intend for the client to be disconnected, maybe from lack of activity. Unless you want the session cleared if the server goes down?
I'm having a strange issue where the session ends after a postback when I debug it in visual studio 2010.
I store a variable in a session on the first page. It keeps its value in the next page but after that it gets lost. It returns a null value. The strange thing is when i copy the exact code to the dev or test servers, it works fine...
Any ideas what could be happening? Thanks.
UPDATE
The code is fairly simple. I have a default.aspx page where I'm setting a session variable:
HttpContext.Current.Session["PurchaseOID"] = purchaseOID;
When I click 'Next' the Default.aspx page redirects it to a Information.aspx page. Additional user information is gathered on this page (using DevExpress controls). When I click 'Next' on this page the session variable "PurhcaseOID" returns null on page load.
protected void Page_Load(object sender, EventArgs e)
{
if(HttpContext.Current.Session["PurchaseOID"] == null){
throw new Exception("error!");
}
}
Whats strange is, the Session is kept when the page is first loaded. But on postback, it loses its variables. Also, this is something that JUST started happening. I've been working on this code for a month or so and it's been working fine. When I deploy this exact code to our dev or test server, it works fine.
I'm debugging this in Cassini. Help would be greatly appreciated, thanks!
Shahzad Chaudhary
When you are testing do you have cookies disabled? I ask because the session id is stored in a cookie unless you are using cookieless sessions (rare). So if in your test environment you have cookies turned off in your browser then it will not be able to get the session values. I don't believe it throws any error when storing them though.
I figured it out, it was a stupid mistake. The change was happening in the Global.asax Application_Error method. For some reason when I put a breakpoint there it wouldn't hit.
When local debug, just set in web.config
<sessionState cookieless="true" />