What am I doing wrong. The sessionState Timeout never fires,It only fires after 24 hours, I want to let it fire in 20 minutes on my webpage. In the web.config I handle the sessionstate like this:
I have an issue to where my users are logged into my system but thier session is null so when they try to do something in the system after 20 minutes, i get null reference expceptions because my session is gon What is the best practice for handleing the session, should i kick the users out before thier session ends and when they log back in thier session will return or atleast a new one will be created right? How should I handle this?
is? Both in web.config. I want to increase or reduce the timeout in my webapplication. Means: If a users idles more than 10 min. the should get timed out.
I have noticed that when I have a session that has expired, the Session_OnStart event fires with every new request.
I suppose that this behavior is not normal, because I was expecting that the session would re-start only with the first request and not with every subsequent request.
This behavior occurs only with sessions where the timeout period has been exceded.
The current conditions under which I have experienced this problem are:
I have experienced this problem with an application that is using the .NET 2.0 framework and with a session mode configured to InProc. This problem is happening both on Windows XP SP3 and Windows 2003 Server.
i'm interested to do the following - i geuss, i have no option to do that:
we have our "mainapplication" on a DB; we are tracking user-login status by switching a bit in the DB in the users data row.
we hvae a second application, the backend, which is the administration tool.
(the applications are put in seperate diretories on HD)
sometimes, we need to block/ban users. in some cases the users are logged in, when we "see them in action".
i'd like to build a button in the backend-application, which logss-out the user from the mainapplication.
for sure: i can access the same DB and switch the bit to "know" he's offline, but this will not kill the session on the mainapplication.
because: if a user is on/offline is also indicated by the session in the IIS. and as the IIS-session is active, the user may be already banned - but he will not be logged out automatically (and showing something like "you have been logged out because of a ban) one option would be to call the DB by each page-load to find out, if the user is logged on.
We have the timeout value set to 120 in our <form> tag within the web.config. We do not have a session timeout set.. and we have various connection strings.
We are having a problem where a session variable will disappear (become NULL) .. but, the form evidently remains 'open'.. or no re-login is required..... so, my question(s):
1. what is the relationship between form timeout and session timeout
I am having a problem with my ASP.Net Web application. The application is developed using vb.net and is linked to a SQL Server database. Let me explain how the application works and the problem I am experiencing. The system is an online web app which allows registered users to create a CV online. One of the pages within the app gives users the chance to add a cover note to their CV. The page that allows them to do this consists of only a textarea control and a button control. The textarea allows users to input up to 4,000 characters.
Once the user clicks the 'Save' button to save their cover note info, the following code then executes.This code checks to see if the CV already has cover note info, if it does, then the application runs an update statement, otherwise, it runs an insert statement.The table within the database which records the cover note information is called tbl_covernote and has three columns, covernote_id (int and autoincrement), cv_id(int), covernote_text (nvarchar(max)).
The error which occurs sometimes is as follows:
Dim dr As SqlDataReader Dim param(0) As SqlParameter Finally [code]...
I have an ASP.Net application that makes an AJAX request to retrieve at report. The report can run for a long time so I set the asyncpostbacktimeout in <asp:ScriptManager /> to 600. However, when I try to run the report, if it runs for longer than 90 seconds it fails to come back. I can see in the IIS logs that the POST request succeeded with a 200 status and I can see the time taken is much less than 600.
The web page dutifully waits for the entire 600 seconds before returning with a timeout error:
Error:
Sys.WebForms.PageRequestManagerTimeoutException:
The server request timed out.
Is there any setting I should be checking in IIS? Connection timeout is 900 seconds.
I have a page of each every click has ajax call to my server (hence, the ASP extends the session)
I have ASP.NET session set to Xmin. I want when X+1 min expires, I have expiration page. what I did was to set the JS timer to validate every x+1min to see if the session expired (the problem is that the JS and the ASP session timeouts are not synced)
What would be the best way to detect if the SessionState has died in order to send the user to a "Session Expired" page? I've successfully configured the app (in Web.config) to do this when the authentication cookie is gone (there's a setting for that), but so far I haven't found an effective way to do something similar when the SessionState is gone. The app in question holds some data in the Session, and should present the user with a "Session Expired - login again" page if any of them is gone.
So far, the only option I can think of doing it in each of the places I access Session, but this is obviously a less than optimal solution.
i am having problems with an asp.net c# site whereby i am setting a session state object to true and then redirecting to another page that needs to check the value of the session state object and it is null.
Sometimes it is set correctly and other times is is simply null.
When i debug on my local machine it works perfectly every time. Only when i upload to my web server does this temperamental behaviour happen.
As it is based around the security of the site it is obviously important that the session data be valid and accurate every time.
Is session state data unreliable?
AFAIK its set to inproc, cookieless, 30 min timeout, vanilla installation of IIS.
Does anyone have any suggestions? Perhaps i need to thread.sleep inbetween the storing of the session data and the reading?
NB: the time between the write and the read is about 70ms.. ample time for the data to be written to RAM.....
I'm managing a rather large project, written in asp.net webforms + mvc3, with a large user base, and a pretty high daily visitor count. Basically, there are a lot of requests at any given moment.
One of my controllers in MVC that handles / resizes images on the fly has the following attribute applied to it:
[SessionState(SessionStateBehavior.Disabled)]
Now, if an action in the controller tries to access the session - it obviously throws an exception - so we're good so far. The problem is: if I go to the IIS Worker Processes window (Win Server 2008 R2, IIS 7.5), and check the current requests for this site, I can sometimes see the requests to an action in this controller. Their current state is locked in State: RequestAcquireState, Module Name: Session. Sometimes these locks go over a second or two in this state.
Wasn't the whole point of the attribute in the first place to make the requests to the controller ignore the state, and not waste time (and possibly being locked) trying to acquire the state? If this is so - am I doing something wrong here, or does the problem lie elsewhere?
From my understanding, the asp.net 1.1 application will login the user then store the information to a session and a cookie? I'm trying to access that cookie with a asp.net 2.0 application. Is this possible?
I'm thinking the mode would need to change to maybe StateServer or Sql.
I have been thinking of ways to optimize the out of state storage of sessions within SQL server and a few I ran across are:
Disable session state on pages that do not require the session. Also, use read-only on pages that are not writing to the session.
In ASP.NET 4.0 use gzip compression option.
Try to keep the amount of data stored in the session to a minimum.
Right now, I have a single object (a class called SessionObject) stored in the session. The good news is, is that it is completely serializable.
Optimizing using protobuf-net An additional way I thought might be a good way to optimize the storage of sessions would be to use protocol buffers (protobuf-net) serialization/deserialization instead of the standard BinaryFormatter. I understand I could have all of my objects inherit ISerializable, but I'd like to not create DTO's or clutter up my Domain layer with serialize/deserialize logic.
I am trying to config my application to use out-of-process sessionState.
<sessionstate mode="stateserver" cookieless="false" timeout="20" sqlconnectionstring="data source=127.0.0.1;user id=<user id>;password=<password>" server="127.0.0.1" port="42424" />In my web.config I get errors for the server and port attributes, telling me that server attribute is not allowed and port attribute is not allowed.
I changed my application to use "InProc" sessionState instead of "Off" because I need to preserve user selected language from page to page doing localization.n web.sitemap I have this line:
which before I changed sessionState to "InProc" worked as supposed to: menu item "Administrator" appeared as a menu choice only when user had logged in with admin rights. Now this menu choice is present for every user.
I'm completely stuck with this version 1.0.0.0 product.
I'm running in a domain environment but for the specific application i'm using I want to disable security to reduce the workload on the servers when accessing the cache.
I've got a bunch of web servers with an existing application using SQL sessions state, and the idea was to roll out AppFabric and use the session state provider and a fast solution to speed things up. Currently have a single separate server running appFabric Host.
All Servers are on the same domain.
I've got AppFabric Running using this mode on the host
Set-CacheClusterSecurity -ProtectionLevel EncryptAndSign -SecurityMode Transport
Local App Pool on the web servers is using NETWORK SERVICE account, and i've grantedthe machine accounts permissions and it all works fine.
ErrorCode:SubStatus:There is a temporary failure. Please retry later. (One or more specified Cache servers are unavailable, which could be caused by busy network or servers. Ensure that security permission has been granted for this client account on the cluster and that the AppFabric Caching Service is allowed through the firewall on all cache hosts. Retry later.)
My assumption is that the client (session state provider), is set by default to use security and need to be set not too, but can't find any doco on how to change this, or i could be barking up the wrong tree.
We have a webfarm using a SQL Server 2000 database to store our session state.
On the same SQL server are our databases for the rest of the websites. The databases are separate but on the same server.
Recently I found that one of our developers is using the session very inefficiently. He is storing large datatables within the session for users when he could accomplish the same thing through other methods.
Can this inefficient use of the session state (when stored in SQL Server) affect the performance of our main database when they are on the same server?
The answer seems to be yes, to some degree. However, I cannot find any documentation to back me up.