Architecture :: Access SessionState - Via App1 To SessionState From App2?
Aug 21, 2010
i'm interested to do the following - i geuss, i have no option to do that:
we have our "mainapplication" on a DB; we are tracking user-login status by switching a bit in the DB in the users data row.
we hvae a second application, the backend, which is the administration tool.
(the applications are put in seperate diretories on HD)
sometimes, we need to block/ban users. in some cases the users are logged in, when we "see them in action".
i'd like to build a button in the backend-application, which logss-out the user from the mainapplication.
for sure: i can access the same DB and switch the bit to "know" he's offline, but this will not kill the session on the mainapplication.
because: if a user is on/offline is also indicated by the session in the IIS. and as the IIS-session is active, the user may be already banned - but he will not be logged out automatically (and showing something like "you have been logged out because of a ban) one option would be to call the DB by each page-load to find out, if the user is logged on.
What would be the best way to detect if the SessionState has died in order to send the user to a "Session Expired" page? I've successfully configured the app (in Web.config) to do this when the authentication cookie is gone (there's a setting for that), but so far I haven't found an effective way to do something similar when the SessionState is gone. The app in question holds some data in the Session, and should present the user with a "Session Expired - login again" page if any of them is gone.
So far, the only option I can think of doing it in each of the places I access Session, but this is obviously a less than optimal solution.
What am I doing wrong. The sessionState Timeout never fires,It only fires after 24 hours, I want to let it fire in 20 minutes on my webpage. In the web.config I handle the sessionstate like this:
i am having problems with an asp.net c# site whereby i am setting a session state object to true and then redirecting to another page that needs to check the value of the session state object and it is null.
Sometimes it is set correctly and other times is is simply null.
When i debug on my local machine it works perfectly every time. Only when i upload to my web server does this temperamental behaviour happen.
As it is based around the security of the site it is obviously important that the session data be valid and accurate every time.
Is session state data unreliable?
AFAIK its set to inproc, cookieless, 30 min timeout, vanilla installation of IIS.
Does anyone have any suggestions? Perhaps i need to thread.sleep inbetween the storing of the session data and the reading?
NB: the time between the write and the read is about 70ms.. ample time for the data to be written to RAM.....
I'm managing a rather large project, written in asp.net webforms + mvc3, with a large user base, and a pretty high daily visitor count. Basically, there are a lot of requests at any given moment.
One of my controllers in MVC that handles / resizes images on the fly has the following attribute applied to it:
[SessionState(SessionStateBehavior.Disabled)]
Now, if an action in the controller tries to access the session - it obviously throws an exception - so we're good so far. The problem is: if I go to the IIS Worker Processes window (Win Server 2008 R2, IIS 7.5), and check the current requests for this site, I can sometimes see the requests to an action in this controller. Their current state is locked in State: RequestAcquireState, Module Name: Session. Sometimes these locks go over a second or two in this state.
Wasn't the whole point of the attribute in the first place to make the requests to the controller ignore the state, and not waste time (and possibly being locked) trying to acquire the state? If this is so - am I doing something wrong here, or does the problem lie elsewhere?
From my understanding, the asp.net 1.1 application will login the user then store the information to a session and a cookie? I'm trying to access that cookie with a asp.net 2.0 application. Is this possible?
I'm thinking the mode would need to change to maybe StateServer or Sql.
I have been thinking of ways to optimize the out of state storage of sessions within SQL server and a few I ran across are:
Disable session state on pages that do not require the session. Also, use read-only on pages that are not writing to the session.
In ASP.NET 4.0 use gzip compression option.
Try to keep the amount of data stored in the session to a minimum.
Right now, I have a single object (a class called SessionObject) stored in the session. The good news is, is that it is completely serializable.
Optimizing using protobuf-net An additional way I thought might be a good way to optimize the storage of sessions would be to use protocol buffers (protobuf-net) serialization/deserialization instead of the standard BinaryFormatter. I understand I could have all of my objects inherit ISerializable, but I'd like to not create DTO's or clutter up my Domain layer with serialize/deserialize logic.
I am trying to config my application to use out-of-process sessionState.
<sessionstate mode="stateserver" cookieless="false" timeout="20" sqlconnectionstring="data source=127.0.0.1;user id=<user id>;password=<password>" server="127.0.0.1" port="42424" />In my web.config I get errors for the server and port attributes, telling me that server attribute is not allowed and port attribute is not allowed.
I changed my application to use "InProc" sessionState instead of "Off" because I need to preserve user selected language from page to page doing localization.n web.sitemap I have this line:
which before I changed sessionState to "InProc" worked as supposed to: menu item "Administrator" appeared as a menu choice only when user had logged in with admin rights. Now this menu choice is present for every user.
is? Both in web.config. I want to increase or reduce the timeout in my webapplication. Means: If a users idles more than 10 min. the should get timed out.
I'm completely stuck with this version 1.0.0.0 product.
I'm running in a domain environment but for the specific application i'm using I want to disable security to reduce the workload on the servers when accessing the cache.
I've got a bunch of web servers with an existing application using SQL sessions state, and the idea was to roll out AppFabric and use the session state provider and a fast solution to speed things up. Currently have a single separate server running appFabric Host.
All Servers are on the same domain.
I've got AppFabric Running using this mode on the host
Set-CacheClusterSecurity -ProtectionLevel EncryptAndSign -SecurityMode Transport
Local App Pool on the web servers is using NETWORK SERVICE account, and i've grantedthe machine accounts permissions and it all works fine.
ErrorCode:SubStatus:There is a temporary failure. Please retry later. (One or more specified Cache servers are unavailable, which could be caused by busy network or servers. Ensure that security permission has been granted for this client account on the cluster and that the AppFabric Caching Service is allowed through the firewall on all cache hosts. Retry later.)
My assumption is that the client (session state provider), is set by default to use security and need to be set not too, but can't find any doco on how to change this, or i could be barking up the wrong tree.
We have a webfarm using a SQL Server 2000 database to store our session state.
On the same SQL server are our databases for the rest of the websites. The databases are separate but on the same server.
Recently I found that one of our developers is using the session very inefficiently. He is storing large datatables within the session for users when he could accomplish the same thing through other methods.
Can this inefficient use of the session state (when stored in SQL Server) affect the performance of our main database when they are on the same server?
The answer seems to be yes, to some degree. However, I cannot find any documentation to back me up.
My session variables don't get saved if the SessionState mode in the web.config file is set to StateServer. But when I changed it to InProc, then everything is fine and good. I'm trying to save a custom built object (or class) into the session after the user logs in.
I am performing my first steps with ASP.NET for my employment.Yesterday I tried to perform saving a value to a sessionstate variable, but it does not work.I am using C# and want to code in .NET 3.5. [Code]....
The click performs a postback to a second website where the value is to be displayed on a simple label.The value I initialized in the Global.asax is saved to the variable and then read on the second page, but I cannot manipulate it using the textbox and the button on the first page. I just don't get it...I even tried on different machines and different VS editions.
I'm building a site using the .NET 4 framework using routing and MasterPages.
Because I'm using both routing and MasterPages, I can't see any way how to get value from control on the previous page. To solve this I've used the code behind to store the control's value in a session variable. Is there a way to retrieve a value from a control using PreviousPage or something when using Routing and MasterPages?
This works fine in VWD debug mode and in IIS 5.1, but when I try to deploy it on my Windows Server 2008 (IIS7.5) machine, it get this error:
Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive. also make sure that System.Web.SessionStateModule or a custom session state module is included in the <configuration><system.web><httpModules> section in the application configuration.
I have a problem regarding the SessionState Collection.I retrieve an object
[Code]....
I thought that i access a reference type. But calling the default constructor to build a new object seems not to work.The next time I access the object I still get the old one.
I have an issue to where my users are logged into my system but thier session is null so when they try to do something in the system after 20 minutes, i get null reference expceptions because my session is gon What is the best practice for handleing the session, should i kick the users out before thier session ends and when they log back in thier session will return or atleast a new one will be created right? How should I handle this?
Multiple applications are sharing the same session cookie at the moment and I don't want this to be the case, however, I would like to set the value in code rathr than hardcode a value using the web.config.
I am starting a new project in ASP.NET (With silverlight) - I would like to get expert opinion about how to design the data access.I can use DataAccess Layer with SQL helper, but the challenge is every new field that I add needs to be added in the sql helper.I am trying to see if there is a way to design the system, so that it appears in the front end when a new field is added. I don't want to have in the ASPX files (binding in controls) I want to have ability to change items in code. Essentially I am trying to see the best option to have a database application.