I have devloped a asp.net web site using asp.net 4.0.when i deploye it on iis server then it running proper.but when we deploye it on third party windows hosting server then session expirex very quikly.i increase session timeout in server settion 20 to 60
min. update web config session timeout 20 to 60 but problem as it is.my web config is here.please help.it is urgent.my client frastated due to relogin relogin--
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
<add name="S_dataConnectionString" connectionString="Data Source=.;Initial Catalog=xyz;Persist Security Info=True;User ID=sa;Password=abc"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
You should increase the application pool timeout. Most
shared ASP.NET hosting keep this value low to save the server resources. In this case you have 2 options, to ask the hostsing company to increase the value, or to get more advance hosting solution as
Windows VPS hosting.
There are three timeouts to be aware of (or that I've discovered):
1. Session State
This timeout expires your User's Login Session (defined in the App's web.config <sessionState> section).
It only works with an Application Pool (w3wp.exe) set to use a single worker process (via the Application Pool Advanced Settings within the IIS Manager on the Server).
2. Auth Ticket
The timeout before another request is passed. This can expire the login without expiring the user session (e.g. shopping cart on the server side).
This must be defined to be less than the Session State Expiration (defined also in the App's web.config <forms> section shown in your example above).
3. Auth Cookie
This holds the Auth Ticket (unless you go cookieless). Otherwise, this can expire too and it's hard to visually see all of this without alot of trial and error troubleshooting.
This should get you through the expiration. Handing Auth Ticket "Sliding Expiration" is a little different and I've had to handle this myself rather than rely on the server to automatically do it. It's weird too, the Sliding Expiration will not advance
until 50% of the timeout period has passed, but will increment everytime thereafter. I make sure to reset the Expiration on both Auth Ticket and Auth Cookie manually to guarantee the sliding after requests complete and responses return.
Marked as answer by Mark - MSFT on Nov 20, 2012 04:09 AM
When using Forms Authentication, it has nothing to do with Session Timeout because Forms Authenticaton is unsing Cookies and has nothing to do with Session.
<div sizcache="2" sizset="7">
Most likely your application pool recycles frequently. This is a very common issue on shared hosted environments. When the applicaton pool recycles, and you're using session state mode InProc (the dafault), all sessions are lost. But that doesn't affect
your authentication, as I said before.
But if you didn't specify a machinekey in your web.config, authenticaton cookies can become invalid also. This is because this key is used to encrypt and decrypt the authentication cookie. If you didn't specify a machinekey, ASP.NET will generate one for
you. But sometimes (I'm not sure when because this isn't very wel documented in MSDN), when the application pool recycles, ASP.NET will generate a new key (MSDN says that it will generate the same key everytime but this is not always the case). When this happens,
authenticaton cookies encrypted using the previous key cannot be decrypted using the new key, so the cookie isn't valid anymore. To overcome this problem, add a machinekey to web.config, so the same key is used each and every time
Note that this doesn't solve the Session to expire frequently. When you'rs using Session as well, you better choose another SessionState mode, not the default option "InProc"
</div>
Marked as answer by Mark - MSFT on Nov 20, 2012 04:09 AM
suryakant4it
Member
51 Points
59 Posts
Session timeout problem
Nov 12, 2012 04:54 AM|LINK
I have devloped a asp.net web site using asp.net 4.0.when i deploye it on iis server then it running proper.but when we deploye it on third party windows hosting server then session expirex very quikly.i increase session timeout in server settion 20 to 60 min. update web config session timeout 20 to 60 but problem as it is.my web config is here.please help.it is urgent.my client frastated due to relogin relogin--
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
<add name="S_dataConnectionString" connectionString="Data Source=.;Initial Catalog=xyz;Persist Security Info=True;User ID=sa;Password=abc"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
<sessionState timeout="60"/>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
HostingASPNe...
All-Star
15882 Points
2977 Posts
Re: Session timeout problem
Nov 12, 2012 05:10 AM|LINK
Hello,
You should increase the application pool timeout. Most shared ASP.NET hosting keep this value low to save the server resources. In this case you have 2 options, to ask the hostsing company to increase the value, or to get more advance hosting solution as Windows VPS hosting.
Regards
Free ASP.NET Examples and source code.
suryakant4it
Member
51 Points
59 Posts
Re: Session timeout problem
Nov 12, 2012 06:49 AM|LINK
after 5 minute when i am refresh my page the object refrence not found error show.after relogin this error remove.what is solutionany idea ..
BrockAllen
All-Star
27530 Points
4905 Posts
MVP
Re: Session timeout problem
Nov 12, 2012 06:41 PM|LINK
You need to store your session state out of process:
http://msdn.microsoft.com/en-us/library/ms972429.aspx
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
MysticW
Member
14 Points
7 Posts
Re: Session timeout problem
Nov 13, 2012 07:39 PM|LINK
There are three timeouts to be aware of (or that I've discovered):
1. Session State
This timeout expires your User's Login Session (defined in the App's web.config <sessionState> section).
It only works with an Application Pool (w3wp.exe) set to use a single worker process (via the Application Pool Advanced Settings within the IIS Manager on the Server).
2. Auth Ticket
The timeout before another request is passed. This can expire the login without expiring the user session (e.g. shopping cart on the server side).
This must be defined to be less than the Session State Expiration (defined also in the App's web.config <forms> section shown in your example above).
3. Auth Cookie
This holds the Auth Ticket (unless you go cookieless). Otherwise, this can expire too and it's hard to visually see all of this without alot of trial and error troubleshooting.
This should get you through the expiration. Handing Auth Ticket "Sliding Expiration" is a little different and I've had to handle this myself rather than rely on the server to automatically do it. It's weird too, the Sliding Expiration will not advance until 50% of the timeout period has passed, but will increment everytime thereafter. I make sure to reset the Expiration on both Auth Ticket and Auth Cookie manually to guarantee the sliding after requests complete and responses return.
hans_v
All-Star
35986 Points
6550 Posts
Re: Session timeout problem
Nov 13, 2012 09:31 PM|LINK
When using Forms Authentication, it has nothing to do with Session Timeout because Forms Authenticaton is unsing Cookies and has nothing to do with Session.
<div sizcache="2" sizset="7">Most likely your application pool recycles frequently. This is a very common issue on shared hosted environments. When the applicaton pool recycles, and you're using session state mode InProc (the dafault), all sessions are lost. But that doesn't affect your authentication, as I said before.
But if you didn't specify a machinekey in your web.config, authenticaton cookies can become invalid also. This is because this key is used to encrypt and decrypt the authentication cookie. If you didn't specify a machinekey, ASP.NET will generate one for you. But sometimes (I'm not sure when because this isn't very wel documented in MSDN), when the application pool recycles, ASP.NET will generate a new key (MSDN says that it will generate the same key everytime but this is not always the case). When this happens, authenticaton cookies encrypted using the previous key cannot be decrypted using the new key, so the cookie isn't valid anymore. To overcome this problem, add a machinekey to web.config, so the same key is used each and every time
http://aspnetresources.com/tools/machineKey
Note that this doesn't solve the Session to expire frequently. When you'rs using Session as well, you better choose another SessionState mode, not the default option "InProc"
</div>suryakant4it
Member
51 Points
59 Posts
Re: Session timeout problem
Dec 18, 2012 09:38 AM|LINK
Thanks alot.I configure machine key.Now working properly.This is perfect solution