i am really facing a problem with asp.net web application. i am using sessions and it seems to be fine on my local machine and IIS server.
but on my live server sessions are expiring randomly(5min max up to 30min). i have tried almost all the possibilities but i never win.
please advise me how can i fix my problem.
Did you try from webconfig..
<configuration>
<system.web>
<sessionState timeout="20"></sessionState>
</system.web>
</configuration>
Try to implement log in global.asax on session_end event and set session mode to InProc
void Session_End(object sender, EventArgs e)
{
// Code that runs when a session ends.
// Note: The Session_End event is raised only when the sessionstate mode
// is set to InProc in the Web.config file. If session mode is set to StateServer
// or SQLServer, the event is not raised.
}
<configuration>
<system.web>
<sessionState mode="InProc" timeout="20"></sessionState>
</system.web>
</configuration>
so that you can find out the cause which is expiring the session.
I have also been looking into the same thing and found a similar post that says your app memory may have been recycled due to lack of memory.
random IIS session timeout
Related
In my ASP.NET MVC5 website the login and session timeout in web.config are as follows:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" slidingExpiration="true" timeout="60"/>
</authentication>
<sessionState mode="InProc" timeout="60"/>
</system.web>
Still the session or authentication times our in five minutes. I have approached my web hosting provide to increase the timeout in IIS and they shared a screenshot after increasing the timeout in IIS, but nothing changed. Any idea why this is happening.
First of all, try setting session timeout on Session_Start method inside Global.asax:
void Session_Start(object sender, EventArgs e)
{
Session.Timeout = 60;
}
Note: By using in-process session state, your sessions will wiped out every IIS application pool recycles, which in your issue app pool recycled after 5 minutes.
If above attempt doesn't work and you have access to server's IIS management, do these steps:
Open IIS Manager.
Select Application Pools => [your app pool name] => Recycling/Advanced Settings.
Enable Regular time interval (minutes) and set it to 60, then apply your changes.
If you don't have access on both IIS Manager & SQL Server configurations, you might want to try DB-based session state management instead of InProc mode (see MSDN reference below).
DB-based session state requires changing mode attribute to SQLServer, e.g.:
<system.web>
<sessionState mode="SQLServer" sqlConnectionString="Integrated Security=SSPI;Data Source=SERVERNAME;Initial Catalog=DATABASE" />
</system.web>
Reference:
MSDN: https://msdn.microsoft.com/en-us/library/ms178586.aspx
Session expires too quickly in asp.net mvc4 application
It was an issue with the SystemIdleTime variable in the IIS. I requested my hosting provider to increase this value to 30 minutes and it worked.
It indicates that all my session variables would erase as the application pool shuts down when there is no request for 30 minutes. This value would override the session's timeout set in the website's web.cofig. You could set it to 0 to indicate that the application pool will never shut down and then you could sontrol the session's timeout through web.config. I also found this good article –
I have an Asp.net Mvc application with razor views engine , in which i used a variable Session['user'] : when an user log on the application Session['user'] = login and in the logout this variable takes as value Null.
The problem is that there is a short timeout and the session variable expires : if i do nothing in one minute after log on the application Session['user'] =null automatically.
So how can i set the timeout of the session's variable unlimited until it is changed by program?Any suggestions?
So how can i set the timeout of the session's variable unlimited until it is changed by program?Any suggestions?
You can't set timeout value to unlimited.
You can increase the time out value in minutes using the timeout attribute of sessionState element in web.config.
SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
(120 = minutes)
<sessionState mode="StateServer" cookieless="false" timeout="120"/>
Check out this Session-Time out
You cannot assign it to unlimited. You can increase the value in minutes using the time out attribute of Session state element in web.config
<sessionState timeout="30">
</sessionState>
By default session timeout value is 20 minutes. Also in your case if you are using forms authentication, check the authentication time out value as well
<authentication mode="Forms">
<forms loginUrl="logon.aspx"
protection="All" path="/" timeout="30" />
</authentication>
It's timeout of the session, not the variable. Set it in configuration in minutes
<sessionState timeout="30" />
It is not possible to set the session time out to unlimited.
Instead set the session time out to a high value.
Example:
<configuration>
<system.web>
<sessionState mode="InProc" timeout="350" />
</system.web>
</configuration>
I had a similar problem earlier and it was not about the Session Timeout value. Hence, Sometimes its now about the Timeout period. This Session Timeout may be set to 20 mins or more but if the hosting server or your computer is VERY LOW on MEMORY. The Session values are then cleared and the user will have to sometimes login again.
This low memory is sometimes caused by STORING IMAGES or BINARY VALUES in the Database instead of storing as Files on the Server and access them using System.IO.File procedure. So when you attempt to fetch some records, their IMAGES DATA on the TABLE will also be fetched, resulting in a SIGNIFICANT reduction in performance and also OVER-CONSUMPTION of available MEMORY.
IT MAY BE THAT YOUR COMPUTER OR HOSTING IS VERY LOW ON MEMORY (Not Storage Space)
Hope this helps.
Recently, I've noticed that my website is getting hit by a crawler, which takes a very long time to open the pages. I never thought about it before but realized now that my MVC3 application never times out. For example, if I put in a Thread.Sleep(1000 * 60 * 10) (ten minutes) in my controller action and I open the page, after 10 minutes I will get rendered view.
I've read tons of articles and SO questions but no luck. I tried the solutions below on both localhost, and production server with "Release" built, but none of those did what I wanted it to do.
Solution 1:
In web.config:
<location path="ControllerName/ActionName">
<system.web>
<httpRuntime executionTimeout="1" />
</system.web>
</location>
Solution 2:
In the controller action
HttpContext.Server.ScriptTimeout = 1;
The only idea I had left was to calculate the time that elapsed since the request came in and compare it to current time and if it's bigger than my timeout limit, throw and TimeoutException() manually. I planned to put it in "OnActionExecution" and "OnActionExecuted" but if the request gets stuck somewhere in between those, I will never be able to tell if I should time it out.
Is there a good solution to implement this? Did anyone ever get request timeout to work in MVC3?
I don't think the timeout is a real problem here. I have a very strong suspicion that your site is hitting session locking issue, which is typical when being hammered by lots of simultaneous requests from the same source. Make sure you disable or mark session as readonly by default and only enable it on the actions where session is modified (like login controller for instance). See SessionStateAttribute for details.
Good answer here:
IIS Request Timeout on long ASP.NET operation
If you've already done this but are finding that your session is expiring then increase the ASP.NET HttpSessionState.Timeout value:
For example:
// Increase session timout to thirty minutes
Session.Timout = 30;
This value can also be configured in your web.config file in the sessionState configuration element:
<configuration>
<system.web>
<sessionState
mode="InProc"
cookieless="true"
timeout="30" />
</system.web>
</configuration>
I have read some issues related to session time out and i have changed the settings but no avail.
This is entry of session in web.config. i want to expire the session after 5 hours.
<sessionState mode="InProc" timeout="300" />
On Login page i am adding user name in session
Session.Add("Authenticated", UserName);
and my each page is inherited with BasePage and in base class i have this check for each page.
if (Session["Authenticated"] == null)
{
Response.Redirect("../userlogin.aspx");
}
but session expires before one hour.
I want to confirm that during this there is no change in web.config, Bin folder files etc.
Take a look at this ASP.NET Session Timeouts.
Besides IIS Idle timeout there is Forms authentication timeout, which is 30 min by default. So you will be redirected to the login page before the session actually expired.
<system.web>
<authentication mode="Forms">
<forms timeout="300"/>
</authentication>
<sessionState timeout="300" />
</system.web>
If you are hosting it on IIS6 (Win2K3) then go to the settings in the Application Pool in which your application runs. You need to set it there as well.
I am running an ASP.NET 2.0 application in IIS 6.0. I want session timeout to be 60 minutes rather than the default 20 minutes. I have done the following
Set <sessionState timeout="60"></sessionState>
in web.config.
Set session timeout to 60 minutes in IIS manager/Web site properties/ASP.NET configuration settings.
Set idle timeout to 60 minutes in application pool properties/performance.
I am still getting a session timeout at 20 minutes. Is there anything else I need to do?
Are you using Forms authentication?
Forms authentication uses it own value for timeout (30 min. by default). A forms authentication timeout will send the user to the login page with the session still active. This may look like the behavior your app gives when session times out making it easy to confuse one with the other.
<system.web>
<authentication mode="Forms">
<forms timeout="50"/>
</authentication>
<sessionState timeout="60" />
</system.web>
Setting the forms timeout to something less than the session timeout can give the user a window in which to log back in without losing any session data.
I don't know about web.config or IIS.
But I believe that from C# code you can do it like
Session.Timeout = 60; // 60 is number of minutes
Use the following code block in your web.config file.
Here default session time out is 80 mins.
<system.web>
<sessionState mode="InProc" cookieless="false" timeout="80" />
</system.web>
Use the following link for Session Timeout with popup alert message.
Session Timeout Example
FYI:The above examples is done with devexpress popup control so you need to customize/replace devexpress popup control with normal popup control. If your using devexpress no need to customize
In my situation, it was Application Pool. It is set to restart when idle for xx mins. When I set it to not restart, it seems to use value from Web Config.
Do you have anything in machine.config that might be taking effect? Setting the session timeout in web.config should override any settings in IIS or machine.config, however, if you have a web.config file somewhere in a subfolder in your application, that setting will override the one in the root of your application.
Also, if I remember correctly, the timeout in IIS only affects .asp pages, not .aspx. Are you sure your session code in web.config is correct? It should look something like:
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
stateNetworkTimeout="60"
sqlConnectionString="data source=127.0.0.1;Integrated Security=SSPI"
cookieless="false"
timeout="60"
/>
That is usually all that you need to do...
Are you sure that after 20 minutes, the reason that the session is being lost is from being idle though...
There are many reasons as to why the session might be cleared. You can enable event logging for IIS and can then use the event viewer to see reasons why the session was cleared...you might find that it is for other reasons perhaps?
You can also read the documentation for event messages and the associated table of events.
https://usefulaspandcsharp.wordpress.com/tag/session-timeout/
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" timeout="60" slidingExpiration="true" />
</authentication>
<sessionState mode="InProc" timeout="60" />
If you are using Authentication, I recommend adding the following in web.config file.
In my case, users are redirected to the login page upon timing out:
<authentication mode="Forms">
<forms defaultUrl="Login.aspx" timeout="120"/>
</authentication>
Since ASP.Net core 1.0 (vNext or whatever name is used for it) sessions are implemented differently.
I changed the session timeout value in Startup.cs, void ConfigureServices using:
services.AddSession(options => options.IdleTimeout = TimeSpan.FromSeconds(42));
Or if you want to use the appsettings.json file, you can do something like:
// Appsettings.json
"SessionOptions": {
"IdleTimeout": "00:30:00"
}
// Startup.cs
services.AddSession(options => options.IdleTimeout = TimeSpan.Parse(Config.GetSection("SessionOptions")["IdleTimeout"]));
You can find the setting here in IIS:
It can be found at the server level, web site level, or app level under "ASP".
I think you can set it at the web.config level here. Please confirm this for yourself.
<configuration>
<system.web>
<!-- Session Timeout in Minutes (Also in Global.asax) -->
<sessionState timeout="1440"/>
</system.web>
</configuration>
The default session timeout is defined into IIS to 20 minutes
Follow the procedures below for each site hosted on the IIS 8.5 web
Open the IIS 8.5 Manager.
Click the site name.
Select "Configuration Editor" under the "Management" section.
From the "Section:" drop-down list at the top of the configuration
editor, locate "system.web/sessionState".
Set the "timeout" to "00:20:00 or less”, using the lowest value
possible depending upon the application. Acceptable values are 5
minutes for high-value applications, 10 minutes for medium-value
applications, and 20 minutes for low-value applications.
In the "Actions" pane, click "Apply".
IIS sessions timeout value is for classic .asp applications only, this is controlled on IIS configuration.
In your case For ASP.NET apps, only the web.config-specified timeout value applies.
if you are want session timeout for website than remove
<authentication mode="Forms">
<forms timeout="50"/>
</authentication>
tag from web.config file.
The Timeout property specifies the time-out period assigned to the Session object for the application, in minutes. If the user does not refresh or request a page within the time-out period, the session ends.
IIS 6.0: The minimum allowed value is 1 minute and the maximum is
1440 minutes.
Session.Timeout = 600;
After changing the session timeout value in IIS, Kindly restart the IIS.
To achieve this go to command prompt. Type IISRESET and press enter.