Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Losing Session state

Reply
Thread Tools

Losing Session state

 
 
Arthur Dent
Guest
Posts: n/a
 
      05-13-2008
Hello all, I have some issue which is driving me crazy in testing my site...

Every now and then, the session variables in my site all get cleared out. I
assume this is because of something causing the AppPool to recycle.
The thing that really throws a wrench into all this though, is that after
the app recycles, User.Identity.IsAuthenticated is still returning true!
So despite the fact that the session and all its information is gone, and
effectively destroyed, the app is still reporting that the user is logged
in.
How can I either get it to stop recycling, or to sign the user out along
with the recycle?????

Thanks in advance,
- Arthur Dent.

 
Reply With Quote
 
 
 
 
Teemu Keiski
Guest
Posts: n/a
 
      05-13-2008
Hi,

if your application uses InProc session state, that indeed is wiped out when
application pool recycled. And especually in ASP.NET 2.0 or better apppool /
application restarts can occur quite easily (a few changes to files, change
in web.config, adding new dlls to bin etc etc). Therefore it's best to use
out-of-process session state modes such as SQL Server or State Server

http://msdn.microsoft.com/en-us/library/ms178586.aspx

--
Teemu Keiski
AspInsider, ASP.NET MVP
http://blogs.aspadvice.com/joteke
http://teemukeiski.net

"Arthur Dent" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello all, I have some issue which is driving me crazy in testing my
> site...
>
> Every now and then, the session variables in my site all get cleared out.
> I assume this is because of something causing the AppPool to recycle.
> The thing that really throws a wrench into all this though, is that after
> the app recycles, User.Identity.IsAuthenticated is still returning true!
> So despite the fact that the session and all its information is gone, and
> effectively destroyed, the app is still reporting that the user is logged
> in.
> How can I either get it to stop recycling, or to sign the user out along
> with the recycle?????
>
> Thanks in advance,
> - Arthur Dent.



 
Reply With Quote
 
 
 
 
Peter Bromberg [C# MVP]
Guest
Posts: n/a
 
      05-13-2008
Depending on what type of authentication your site uses (Forms auth, for
example), this does not depend on Session State at all. Forms auth has a
forms ticket in the form of a cookie that is read by the forms
authentication provider on each page request. If the cookie is there, you
are authenticated. Nothing to do with Session at all.
Peter

"Arthur Dent" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello all, I have some issue which is driving me crazy in testing my
> site...
>
> Every now and then, the session variables in my site all get cleared out.
> I assume this is because of something causing the AppPool to recycle.
> The thing that really throws a wrench into all this though, is that after
> the app recycles, User.Identity.IsAuthenticated is still returning true!
> So despite the fact that the session and all its information is gone, and
> effectively destroyed, the app is still reporting that the user is logged
> in.
> How can I either get it to stop recycling, or to sign the user out along
> with the recycle?????
>
> Thanks in advance,
> - Arthur Dent.


 
Reply With Quote
 
Mark Fitzpatrick
Guest
Posts: n/a
 
      05-13-2008
You can't get it to automatically sign the user out since it is a global
action. The user will still be authenticated because the authentication
information is completely separate from the session state and is stored
client-side in an authentication cookie.

You could create a class that helps you control access to session variables.
This way if, for example, the session variable is null you can test for it
and then perform whatever action you need in order to reload that variable.
This is good practice because session variables can be lost for a myriad of
reasons and always depending on them to have a value can lead into problems
just like this.

You also don't want to stop the application from recycling. Instead, look at
why it's recycling. If you're storing large objects in the session state,
it's recycling because it's out of memory or there is a serious fault that
has caused the app to crash and recycle. Before you try to alter this
behavior, examine the data you are storing in the session and determine if
you have anything rather large in there and figure out how much memory that
item is using given the number of times it's being replicated by the user
count. Also make sure that any data access functions you have close their
connections to the db as soon as possible so the connection can be returned
to the pool. An app can recycle when it runs out of connections in the pool
so this can be critical.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - Expression

"Arthur Dent" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello all, I have some issue which is driving me crazy in testing my
> site...
>
> Every now and then, the session variables in my site all get cleared out.
> I assume this is because of something causing the AppPool to recycle.
> The thing that really throws a wrench into all this though, is that after
> the app recycles, User.Identity.IsAuthenticated is still returning true!
> So despite the fact that the session and all its information is gone, and
> effectively destroyed, the app is still reporting that the user is logged
> in.
> How can I either get it to stop recycling, or to sign the user out along
> with the recycle?????
>
> Thanks in advance,
> - Arthur Dent.


 
Reply With Quote
 
Moe Sisko
Guest
Posts: n/a
 
      05-14-2008

"Arthur Dent" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> .. or to sign the user out along with the recycle?????



You might find this article helpful :

http://www.abstraction.net/content/a...%20asp.net.htm

So, in the Session_Start event, once a new session is detected, you could
call :

FormsAuthentication.SignOut( ); to logout, if you are using forms
authentication.

Also note that the code shown in the Session_Start event has a potential
problem - if a user was on the Login page when session expired, it will
redirect back to the Login page, which is not necessary. So you could check
the page of the current request, and not perform the redirect if you are
already on the login page.

HTH,
Moe




 
Reply With Quote
 
Arthur Dent
Guest
Posts: n/a
 
      05-14-2008
This seems like the best approach. I'm kind of working this direction now,
but your post helped clarify and clean up the logic I was using.
The article also is a very good discussion.

Thanks for the help!! CheerZ



"Moe Sisko" <null> wrote in message
news:#(E-Mail Removed)...
>
> "Arthur Dent" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>
>> .. or to sign the user out along with the recycle?????

>
>
> You might find this article helpful :
>
> http://www.abstraction.net/content/a...%20asp.net.htm
>
> So, in the Session_Start event, once a new session is detected, you could
> call :
>
> FormsAuthentication.SignOut( ); to logout, if you are using forms
> authentication.
>
> Also note that the code shown in the Session_Start event has a potential
> problem - if a user was on the Login page when session expired, it will
> redirect back to the Login page, which is not necessary. So you could
> check the page of the current request, and not perform the redirect if you
> are already on the login page.
>
> HTH,
> Moe
>
>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to make the session state request to the session state server Maciek ASP .Net 0 09-15-2005 08:49 PM
Unable to serialize the session state. Please note that non-serializable objects or MarshalByRef objects are not permitted when session state mode is 'StateServer' or 'SQLServer'. Mike Larkin ASP .Net 1 05-23-2005 12:33 PM
Losing Session State on a State Server Vinay Joseph Mathew ASP .Net 3 09-16-2004 05:09 PM
Unable to make the session state request to the session state server Not Liking Dot Net Today ASP .Net 0 04-21-2004 11:54 AM
unable to make the session state request to the session state server shamanthakamani ASP .Net 1 11-20-2003 04:51 AM



Advertisments