Recently, I've noticed that my website is getting hit by a crawler, which takes a very long time to open the pages. I never thought about it before but realized now that my MVC3 application never times out. For example, if I put in a Thread.Sleep(1000 * 60 * 10) (ten minutes) in my controller action and I open the page, after 10 minutes I will get rendered view.
I've read tons of articles and SO questions but no luck. I tried the solutions below on both localhost, and production server with "Release" built, but none of those did what I wanted it to do.
Solution 1:
In web.config:
<location path="ControllerName/ActionName">
<system.web>
<httpRuntime executionTimeout="1" />
</system.web>
</location>
Solution 2:
In the controller action
HttpContext.Server.ScriptTimeout = 1;
The only idea I had left was to calculate the time that elapsed since the request came in and compare it to current time and if it's bigger than my timeout limit, throw and TimeoutException() manually. I planned to put it in "OnActionExecution" and "OnActionExecuted" but if the request gets stuck somewhere in between those, I will never be able to tell if I should time it out.
Is there a good solution to implement this? Did anyone ever get request timeout to work in MVC3?
I don't think the timeout is a real problem here. I have a very strong suspicion that your site is hitting session locking issue, which is typical when being hammered by lots of simultaneous requests from the same source. Make sure you disable or mark session as readonly by default and only enable it on the actions where session is modified (like login controller for instance). See SessionStateAttribute for details.
Good answer here:
IIS Request Timeout on long ASP.NET operation
If you've already done this but are finding that your session is expiring then increase the ASP.NET HttpSessionState.Timeout value:
For example:
// Increase session timout to thirty minutes
Session.Timout = 30;
This value can also be configured in your web.config file in the sessionState configuration element:
<configuration>
<system.web>
<sessionState
mode="InProc"
cookieless="true"
timeout="30" />
</system.web>
</configuration>
Related
For testing purpose I want to set session timeout to 1 minute - is it possible?
I have defined timeout as 1 minute in web.config, but it is not working (I heard default timeout is 20 minutes so minimum 20?)
<sessionState mode="StateServer" cookieless="false" timeout="1"/>
Yes, you can set it to less than 20 minutes. Default 20 doesn't means minimum 20 .
Also, you used <sessionState> element of Web.config, so set it as:
<sessionState mode="StateServer" cookieless="false" timeout="1" />
Check this forum on asp.net : http://forums.asp.net/t/1725273.aspx/1
A session starts every time a new user hits the website, regardless of whether or not they are anonymous. Authentication has very little to do with Session.
Authentication timeout is the amount of time that the authentication cookie is good for on the user's browser. Once the cookie expires, they must re-authenticate to access protected resources on the site.
So, if Session times out before the Authentication cookie - they are still authenticated, but all their session variables disappear, and may cause errors in your website if you are not disciplined in checking for nulls and other conditions brought about by missing session.
If Authentication times out before the session, then all their session variables will still exist, but they won't be able to access protected resources until they log back in again.
Check this url. It may helpful
http://www.aspdotnet-suresh.com/2010/10/session-timeout-problem-in-aspnet.html
set <sessionState mode="StateServer" cookieless="false" timeout="1" />
This is a strange one. They always are when I get to this point.
I have an MVC app. It's a single page app so all routes are ajax calls but I don't think this is relevant.
Strangely and all of a sudden one particular page has started giving me a 401 and prompting for creds. Actually it's both pages that are in this MVC Area. It is only doing it in qa no locally so I can't debug. And It only started after last push. None of the other pages are doing this.
So I compared the headers via fiddler for a successful page and the 401 page on the site.
exactly the freakin same except the url.
the actions
the action for 401
public ActionResult Display_Template(ViewModel input)
{
return this.View("Display", new TasksByFieldViewModel());
}
for the 200
public ActionResult AddUpdate_Template(ViewModel input)
{
return View("VendorAddUpdate", new VendorViewModel());
}
The only changes are this and this makes no sense.
From the 401 page, I redirect to an aspx page that has a reportviewer on it. But you have to click a button and then you are window.locationed on over. It can't possibly have anything to do with that.
The second is that I upgraded from sqlserver trial to sqlserver standard on the qa server.
That's all I got. completely befuddled.
Any thoughts would be great.
Thanks,
Raif
EDIT\Fix\Hack:
Ok well this is either confusing or enraging. It's too early to tell.
My MVC Area, the one that is breaking, well it was named "Reports" because, well it was full of reports. After doing some hail mary tests I changed the Area name to Reportsx, now it works like a dream. As I certainly never told any part of the stack to demand credentials if the Area name is Reports I can only assume that there is some IIS setting or MVC setting that says if the url is xxx/Reports then demand creds.
I'm open to alternative views.
If the system at wherever you work is similar to the one where I work, then when you say "in QA" you mean you've put your code on a server for the testers to poke at. Now, when I first started here, I was told to leave certain existing config files as I found them on this server, because changes will introduce things that are specific to my machine and break things. I'm guessing you have a similar policy, and have therefore deployed your new page to a server, but left that server's Web.config alone. However, in Web.config, there's a whole list of sections that look something like this:
<location path="something">
<formsAuthenticationWrapper enabled="false"/>
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true"/>
<anonymousAuthentication enabled="false"/>
</authentication>
</security>
</system.webServer>
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
where the "something" as the path value in the first line can be a path like "Assets/CSS" or a page like "Login.aspx". You'll notice that there's various settings for auth modes.
Now, if the Web.config on the QA server mentions something called "Reports" and specifies that it requires a particular auth mode, then failure to provide suitable credentials for that mode will result in a 401. Changing the name to "Reportsx" probably just meant that it can no longer find a matching entry, and so fell back to a default mode, which apparently lets people in.
So, try checking the server's Web.config for sections mentioning "something/Reports" and see what auth they require.
i have long process in ajax that make problem
i added asyncpostbacktimeout=600 to the script manager
<asp:ScriptManager AsyncPostBackTimeOut="600" runat="server" ID="SmPage" EnablePageMethods="true" />
in the local host its working great,
but when i tested it on the server it still have the some problem
any advise ?
Thanks
You might have to increase executionTimeout in web.config otherwise the request itself is timing out.
Have a look at executionTimeout at msdn. It explains the difference between Debug=True/False and this is probably causing the difference between localhost and production.
executionTimeout
Optional Int32 attribute.
Specifies the maximum number of seconds that a request is allowed to
execute before being automatically shut down by ASP.NET.
This time-out applies only if the debug attribute in the compilation
element is False. If the debug attribute is True, to help avoiding
application shut-down while you are debugging, do not set this
time-out to a large value.
The default is 110 seconds.
Add executionTimeout to configuration/system.web/httpRuntime in Web.Config and let me know if it works:
<configuration>
<system.web>
<httpRuntime executionTimeout="600" />
</system.web>
</configuration>
I am running an ASP.NET 2.0 application in IIS 6.0. I want session timeout to be 60 minutes rather than the default 20 minutes. I have done the following
Set <sessionState timeout="60"></sessionState>
in web.config.
Set session timeout to 60 minutes in IIS manager/Web site properties/ASP.NET configuration settings.
Set idle timeout to 60 minutes in application pool properties/performance.
I am still getting a session timeout at 20 minutes. Is there anything else I need to do?
Are you using Forms authentication?
Forms authentication uses it own value for timeout (30 min. by default). A forms authentication timeout will send the user to the login page with the session still active. This may look like the behavior your app gives when session times out making it easy to confuse one with the other.
<system.web>
<authentication mode="Forms">
<forms timeout="50"/>
</authentication>
<sessionState timeout="60" />
</system.web>
Setting the forms timeout to something less than the session timeout can give the user a window in which to log back in without losing any session data.
I don't know about web.config or IIS.
But I believe that from C# code you can do it like
Session.Timeout = 60; // 60 is number of minutes
Use the following code block in your web.config file.
Here default session time out is 80 mins.
<system.web>
<sessionState mode="InProc" cookieless="false" timeout="80" />
</system.web>
Use the following link for Session Timeout with popup alert message.
Session Timeout Example
FYI:The above examples is done with devexpress popup control so you need to customize/replace devexpress popup control with normal popup control. If your using devexpress no need to customize
In my situation, it was Application Pool. It is set to restart when idle for xx mins. When I set it to not restart, it seems to use value from Web Config.
Do you have anything in machine.config that might be taking effect? Setting the session timeout in web.config should override any settings in IIS or machine.config, however, if you have a web.config file somewhere in a subfolder in your application, that setting will override the one in the root of your application.
Also, if I remember correctly, the timeout in IIS only affects .asp pages, not .aspx. Are you sure your session code in web.config is correct? It should look something like:
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
stateNetworkTimeout="60"
sqlConnectionString="data source=127.0.0.1;Integrated Security=SSPI"
cookieless="false"
timeout="60"
/>
That is usually all that you need to do...
Are you sure that after 20 minutes, the reason that the session is being lost is from being idle though...
There are many reasons as to why the session might be cleared. You can enable event logging for IIS and can then use the event viewer to see reasons why the session was cleared...you might find that it is for other reasons perhaps?
You can also read the documentation for event messages and the associated table of events.
https://usefulaspandcsharp.wordpress.com/tag/session-timeout/
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" timeout="60" slidingExpiration="true" />
</authentication>
<sessionState mode="InProc" timeout="60" />
If you are using Authentication, I recommend adding the following in web.config file.
In my case, users are redirected to the login page upon timing out:
<authentication mode="Forms">
<forms defaultUrl="Login.aspx" timeout="120"/>
</authentication>
Since ASP.Net core 1.0 (vNext or whatever name is used for it) sessions are implemented differently.
I changed the session timeout value in Startup.cs, void ConfigureServices using:
services.AddSession(options => options.IdleTimeout = TimeSpan.FromSeconds(42));
Or if you want to use the appsettings.json file, you can do something like:
// Appsettings.json
"SessionOptions": {
"IdleTimeout": "00:30:00"
}
// Startup.cs
services.AddSession(options => options.IdleTimeout = TimeSpan.Parse(Config.GetSection("SessionOptions")["IdleTimeout"]));
You can find the setting here in IIS:
It can be found at the server level, web site level, or app level under "ASP".
I think you can set it at the web.config level here. Please confirm this for yourself.
<configuration>
<system.web>
<!-- Session Timeout in Minutes (Also in Global.asax) -->
<sessionState timeout="1440"/>
</system.web>
</configuration>
The default session timeout is defined into IIS to 20 minutes
Follow the procedures below for each site hosted on the IIS 8.5 web
Open the IIS 8.5 Manager.
Click the site name.
Select "Configuration Editor" under the "Management" section.
From the "Section:" drop-down list at the top of the configuration
editor, locate "system.web/sessionState".
Set the "timeout" to "00:20:00 or less”, using the lowest value
possible depending upon the application. Acceptable values are 5
minutes for high-value applications, 10 minutes for medium-value
applications, and 20 minutes for low-value applications.
In the "Actions" pane, click "Apply".
IIS sessions timeout value is for classic .asp applications only, this is controlled on IIS configuration.
In your case For ASP.NET apps, only the web.config-specified timeout value applies.
if you are want session timeout for website than remove
<authentication mode="Forms">
<forms timeout="50"/>
</authentication>
tag from web.config file.
The Timeout property specifies the time-out period assigned to the Session object for the application, in minutes. If the user does not refresh or request a page within the time-out period, the session ends.
IIS 6.0: The minimum allowed value is 1 minute and the maximum is
1440 minutes.
Session.Timeout = 600;
After changing the session timeout value in IIS, Kindly restart the IIS.
To achieve this go to command prompt. Type IISRESET and press enter.
I currently have an ASP.NET MVC project that has file uploading and it works great if the user has a good enough connection and their file is of a reasonable size.
The problem I'm running into is that sometimes a user might have a 56k connection (how they can live with it in this day and age, I don't know) or are uploading a larger file or some combination of the two.
I'd like to keep a small timeout for normal pages (90 seconds or so), but allow for a larger timeout for actions where a user is uploading. This is just one action, so I don't mind putting code inside just that singular action rather than a generic solution.
Ultimately, a solution that would automatically increase the timeout if Request.Files.Count > 0 would be the best.
I'm not sure if this would work in an MVC project, but you could try creating a location in your web.config and set the execution timeout for just your upload URL. For example:
<location path="YourUrl">
<system.web>
<httpRuntime executionTimeout="9001"/>
</system.web>
</location>
You might need to increase the timeout in web.config:
<httpRuntime executionTimeout="01:00:00" />
Now this is overridable in sub web.config files meaning that if you want to increase the timeout only for the uploading script you could write a generic HTTP handler that will handle the uploads and put it in its own subfolder with its own web.config.
Possible issue: If its not a timeout because of the zero activity, maybe its something to do with the built in size restriction, in the web.config httpRuntime section you could add/increase maxRequestLength="" to your size limit