Forums » .NET » ASP.NET »

Session Timeout Problem


Posted Date: 18 Feb 2004      Posted By:: Sasithar Profile photo    Member Level: Silver  Member Rank: 0     Points: 2   Responses: 21

Hi guys,

The session in my application often gets expired.

I've tried giving session timings both
in the page directive of the page
as well as
in the Global.asax file

It works for sometime and getting expired very soon sometimes.

Can anyone help me out in solving this problem.

With Thankx and Regards,
Sashi.



Responses

#24    Author: Siva      Member Level: Gold      Member Rank: 0     Date: 19/Feb/2004   Rating: 2 out of 52 out of 5     Points: 2

Hi

Have u set any time limit in the web.config file if not then set like this
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

these are the lines will create for u default...so there is no need to give in a page level or in global.ascx pages..Here the timeout "20" is in minutes if u want u can change in to your requirement....

If u still get problems please feel free to ask me again...
Thanking you..
siva..


 
#4125    Author: Sree      Member Level: Gold      Member Rank: 0     Date: 20/Sep/2004   Rating: 2 out of 52 out of 5     Points: 2

hi Shiva
even I set web.config time out to 90 min while I navigate the links in my appliction, with in 10 or 20 min I am thrown to logout Page.
Can you give me solution is there any other reson for Session time out other than setting TimeOut in Web.Config(its urgent senario for my application to solve)

Regards
Sreekanth


 
#5003    Author: Dharmesh       Member Level: Bronze      Member Rank: 0     Date: 14/Oct/2004   Rating: 2 out of 52 out of 5     Points: 2

Hi Sashi,

I think you are setting session timeout at other places too. Remove page level setting or global.asax for session timeout. Just keep it in Web.config. This setting is being overridden some place.

Dharmesh





 
#22699    Author: imad Khalil      Member Level: Bronze      Member Rank: 0     Date: 15/Jun/2005   Rating: 2 out of 52 out of 5     Points: 2

Hi
if u have an anti virus then stop it and try again
cause antivirus updated the last tiem modified attribute of the checked files
so that when the anti virus check the web.config it will update the last modified time
and then the application will restart


 
#28519    Author: prabhakar reddy      Member Level: Bronze      Member Rank: 0     Date: 23/Aug/2005   Rating: 2 out of 52 out of 5     Points: 2

Hi
I have tried as u specified in web.config but still I have problem with session expiration. It is being expired even I am continuously using the application. Session may expire if I don't use the application for sometime. But I am continuously using without keeping idle even for 5mins, it is getting expired. I need your help. very urgent. I am sending my web.config code also below,

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="dataconn1" value="User ID=sa;Password=saadmin;database=RevolutionDB_Devs;server=chen-dktp-050\Explore"/>
<add key="SSO" value="1"></add>
</appSettings>

<system.web>

<identity impersonate="true"/>
<!--
DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to
false will improve runtime performance of this application.
Set compilation debug="true" to insert debugging symbols (.pdb information)
into the compiled page. Because this creates a larger file that executes
more slowly, you should set this value to true only when debugging and to
false at all other times. For more information, refer to the documentation about
debugging ASP.NET files.
-->
<compilation
defaultLanguage="c#"
debug="true"
/>

<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.

"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly" Display custom (friendly) messages only to users not running
on the local Web server. This setting is recommended for security purposes, so
that you do not display application detail information to remote clients.
-->
<customErrors
mode="Off"
/>

<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible modes are "Windows",
"Forms", "Passport" and "None"

"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
its settings for the application. Anonymous access must be disabled in IIS.
"Forms" You provide a custom form (Web page) for users to enter their credentials, and then
you authenticate them in your application. A user credential token is stored in a cookie.
"Passport" Authentication is performed via a centralized authentication service provided
by Microsoft that offers a single logon and core profile services for member sites.
-->
<authentication
mode="Forms" >
<forms name="Default" loginUrl="Default.aspx" protection="All" timeout="60" path="/" />
</authentication>

<authorization>
<deny
users="?" />
</authorization>


<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page within an application.
Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
trace information will be displayed at the bottom of each page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your web application
root.
-->
<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="true"
/>

<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="60"
/>

<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>
<httpRuntime
executionTimeout="90"
maxRequestLength="102400"
useFullyQualifiedRedirectUrl="false"
minFreeThreads="8"
minLocalRequestFreeThreads="4"
appRequestQueueLimit="100"
/>

</system.web>

</configuration>



 
#28521    Author: prabhakar reddy      Member Level: Bronze      Member Rank: 0     Date: 23/Aug/2005   Rating: 2 out of 52 out of 5     Points: 2

Hi
I have tried as u specified in web.config but still I have problem with session expiration. It is being expired even I am continuously using the application. Session may expire if I don't use the application for sometime. But I am continuously using without keeping idle even for 5mins, it is getting expired. I need your help. very urgent. I am sending my web.config code also below,

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="dataconn1" value="User ID=sa;Password=saadmin;database=RevolutionDB_Devs;server=chen-dktp-050\Explore"/>
<add key="SSO" value="1"></add>
</appSettings>

<system.web>

<identity impersonate="true"/>
<!--
DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to
false will improve runtime performance of this application.
Set compilation debug="true" to insert debugging symbols (.pdb information)
into the compiled page. Because this creates a larger file that executes
more slowly, you should set this value to true only when debugging and to
false at all other times. For more information, refer to the documentation about
debugging ASP.NET files.
-->
<compilation
defaultLanguage="c#"
debug="true"
/>

<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.

"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly" Display custom (friendly) messages only to users not running
on the local Web server. This setting is recommended for security purposes, so
that you do not display application detail information to remote clients.
-->
<customErrors
mode="Off"
/>

<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible modes are "Windows",
"Forms", "Passport" and "None"

"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
its settings for the application. Anonymous access must be disabled in IIS.
"Forms" You provide a custom form (Web page) for users to enter their credentials, and then
you authenticate them in your application. A user credential token is stored in a cookie.
"Passport" Authentication is performed via a centralized authentication service provided
by Microsoft that offers a single logon and core profile services for member sites.
-->
<authentication
mode="Forms" >
<forms name="Default" loginUrl="Default.aspx" protection="All" timeout="60" path="/" />
</authentication>

<authorization>
<deny
users="?" />
</authorization>


<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page within an application.
Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
trace information will be displayed at the bottom of each page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your web application
root.
-->
<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="true"
/>

<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="60"
/>

<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>
<httpRuntime
executionTimeout="90"
maxRequestLength="102400"
useFullyQualifiedRedirectUrl="false"
minFreeThreads="8"
minLocalRequestFreeThreads="4"
appRequestQueueLimit="100"
/>

</system.web>

</configuration>



 
#31228    Author: Ahmed      Member Level: Bronze      Member Rank: 0     Date: 03/Oct/2005   Rating: 2 out of 52 out of 5     Points: 2

Hello Dear,

I was working in such application and i have the same problem.
When i was logged in i created a session that hold user information, such as username, password, and other user data for security issues. I think the problem that i began looking for is the limitaion of session. so i think you should take care of your data limitation size, and whether if the session could hold it all.

regards,


 
#35511    Author: MJ      Member Level: Bronze      Member Rank: 0     Date: 30/Nov/2005   Rating: 2 out of 52 out of 5     Points: 2

One possible explaination is that you are using .Net Server 2003 and your IIS Application Pool is configured to recycle the worker process after 10 minutes. When the asp worker process is recycled, the session state is dropped and the user is forced to log in again.

 
#35553    Author: Ahmed      Member Level: Bronze      Member Rank: 0     Date: 01/Dec/2005   Rating: 2 out of 52 out of 5     Points: 2

Hi all,
Well, we solve the problem, we was hosting our web application at web garden architicture server machines (multi server machines), at that time our session mode was InProcess so, no unexpected logged out was happen in our local machines but when we host it to server unexpected logged out appears. So, wab garden server machines seems to distribute our worker processes so Session mode shall be in StateServer mode.

As i read, and for the reason that Worker process is distributed, you cannot use InProcess mode.
therefore, you should set session mode to stateserver, and make sure that your Session object is Serialized and any other objects that it used shall not be serialized.

another thing make sure that you don't miss your connections (leaking of connections) by disposing each connection opened, since any exception appeared within uses of connection will not close it, it will still opened so try to dispose connections always, even if you close it..

hope it helps.


 
#35781    Author: Jayant Kumar      Member Level: Bronze      Member Rank: 0     Date: 05/Dec/2005   Rating: 2 out of 52 out of 5     Points: 2

Under ASP.NET , the timeout error message reads as follows:
Exception Details: System.Web.HttpException: Request timed out.

In .NET, there is an additional setting for this. The default script timeout is set to 90 seconds by the httpRuntime section of the machine.config file. You can change this setting to affect all applications on your site, or you can override the settings in your application-specific web.config as follows:

<system.web>
<httpRuntime executionTimeout="900" />
</system.web>

The .NET config files are usually stored in the folder C:\Windows\Microsoft.NET\Framework\[version]\Config where [version] is the version of the .NET Framework such as v1.1.4322. You may need to restart IIS for such changes to take effect.


 
#46714    Author: Brian Lee      Member Level: Bronze      Member Rank: 0     Date: 05/Apr/2006   Rating: 2 out of 52 out of 5     Points: 2

My app is not in a Server farm and I'm still having problems... Does anyone have new information on this topic? I like the suggestion about increasing the executionTimeout but it this all we know. I really had no problem but the users run across this all the time.

 
#49231    Author: Sreetharan      Member Level: Gold      Member Rank: 0     Date: 24/Apr/2006   Rating: 2 out of 52 out of 5     Points: 2

Hi
You have to set the session timeout in default website also. Do the following. go to IIS Manager, right click on the virtual directory and choose properties. Now go to virtual directory tab, click Configuration button. now a dialog box will appear. choose AppOptions tab. Set the session timeout that u need. This will solve the problem. If you are agin getting the same problem then set the same thing for Default WebSite also.

Sreetharan S.T


 
#59858    Author: Brian Lee      Member Level: Bronze      Member Rank: 0     Date: 19/Jun/2006   Rating: 2 out of 52 out of 5     Points: 2

Dave,

I assume your using cookie-less sessions like me . . . now just a warning, I still have session ending problems, but not even a 1/4 as much. Redirects, page and application errors, the debugger running, and runtime configurations were all found to cause the session end function.

1.) I first noticed session ending during the redirect operation. Next most important was code executing after the redirect. I found when I use redirect, any coding following the redirect statement will execute and may cause errors.

2.) Any page or application errors may cause a session end. I set up an email message in the page catch statement and application level to track down bad coding on my part.

3.) Configuration of HttpRuntime help too, I found certain threading issues. This is my current webconfig statement: <httpRuntime minFreeThreads="12" minLocalRequestFreeThreads="12" executionTimeout="250"/>

4.) If in production turn off debug, your application will running harder if turn on.
<compilation defaultLanguage="vb" debug="false" />

I'm certainly not the smartest human on earth but all these topics helped me run sessions better. I have also noticed when an application starts the first session will crash after a couple requests just about every time; sounds crazy right. I have been told smart developers use cookies and view state. I see both a step in the wrong direction so I'm working on the session method.

Brian Lee
www.kudoskido.com


 
#133563    Author: Promothash Boruah      Member Level: Bronze      Member Rank: 0     Date: 29/Jun/2007   Rating: 2 out of 52 out of 5     Points: 2

Hi all,
My problem is that session is working fine in one machine and it is not working on the other machine.I have a local copy of an application installed on two machines.The configuration of both the machines are identical and same code with no modification has been deployed on both the machines.This is a .Net 1.1 application and deployed on IIS 5.1.The session is defined in the IIS and also in the web.config.[mode="InProc"] as it is a small application with minimum users.

I have seen the Application log in the event viewer there is no log of the aspnet_wp.exe being refresh or recycled.

on the other hand,I have made a POC and tried on the same machine where the session does not expire.I have never faced such a situation.Help needed!!


 
#133564    Author: Promothash Boruah      Member Level: Bronze      Member Rank: 0     Date: 29/Jun/2007   Rating: 2 out of 52 out of 5     Points: 2

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="ConnStr" value="Data Source=ashishcomp;Initial Catalog=prosys;User ID=sa;Password=sa;Max Pool Size=75000;"/>
<!--<add key="ServerIPAddress" value=""/> IP Address of mail server 65.214.165.5 -->
<add key="ServerIPAddress" value="127.0.0.1"/> <!-- IP Address of mail server -->
<add key ="MailFrom" value= "mrv@mrvmarketing.com"/>
<add key="MailSubject" value = "MRV Notice: Pricing Update"/>

</appSettings>
<system.web>

<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to
false will improve runtime performance of this application.
Set compilation debug="true" to insert debugging symbols (.pdb information)
into the compiled page. Because this creates a larger file that executes
more slowly, you should set this value to true only when debugging and to
false at all other times. For more information, refer to the documentation about
debugging ASP.NET files.
-->
<compilation
defaultLanguage="c#"
debug="true"
/>

<!-- CUSTOM ERROR MESSAGES MMS2K3SRVR MMS-E56E0E6184A
Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.

"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly" Display custom (friendly) messages only to users not running
on the local Web server. This setting is recommended for security purposes, so
that you do not display application detail information to remote clients.
-->
<customErrors
mode="Off"
/>

<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible modes are "Windows",
"Forms", "Passport" and "None"

"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
its settings for the application. Anonymous access must be disabled in IIS.
"Forms" You provide a custom form (Web page) for users to enter their credentials, and then
you authenticate them in your application. A user credential token is stored in a cookie.
"Passport" Authentication is performed via a centralized authentication service provided
by Microsoft that offers a single logon and core profile services for member sites.
-->
<!-- <authentication mode="Windows" /> -->

<!-- AUTHORIZATION
This section sets the authorization policies of the application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
(unauthenticated) users.
-->
<authentication mode="Forms">

<forms name="mrvppAuth01" loginUrl="login.aspx" protection="All" timeout="100">

<credentials passwordFormat="SHA1">
</credentials>

</forms>

</authentication>

<authorization>
<allow users="*" /> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>

<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page within an application.
Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
trace information will be displayed at the bottom of each page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your web application
root.
-->
<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="true"
/>

<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->

<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="Data Source=ashishcomp;User ID=sa;Password=sa"
cookieless="false"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>

</system.web>

</configuration>


 
#133635    Author: Promothash Boruah      Member Level: Bronze      Member Rank: 0     Date: 29/Jun/2007   Rating: 2 out of 52 out of 5     Points: 2

Hi all,
After all my problem is solved I have used the server.transfer () instead of response.redirect()...but still suggestions open.


 
#134052    Author: Brian Lee      Member Level: Bronze      Member Rank: 0     Date: 02/Jul/2007   Rating: 2 out of 52 out of 5     Points: 2

Try using sessionstate mode=stateserver, because the worker process my recycle any session in InProc will be deleted from memory along with the recycle. The stateserver do not recycle with the worker processing and will allow for longer session times.

 
#181287    Author: ali ulvi      Member Level: Bronze      Member Rank: 0     Date: 22/Jan/2008   Rating: 2 out of 52 out of 5     Points: 2

Hi, thanks for this topic.
I worked hard for this problem.
And at last, I tell the problem to my hosting support. Then, the problem solved.
Here is their message....

"We understand your request, It is IIS setting that reset ideal process after few mins if not used to refresh memory for IIS service.
We could allow your domain name the maximum time before service restart and that will help to resolve your issue.

Our admin has modified for you and it should work OK now."


 
#204420    Author: Aleksander      Member Level: Bronze      Member Rank: 0     Date: 19/Mar/2008   Rating: 2 out of 52 out of 5     Points: 2

Ok. If changing the timeout session in IIS do not work, you have 2 other solutions.
The first one is to remove the check of the session timeout in IIS, then the timeout will be read from the webconfig.
The second solution is to add the following code in the web.config file under <system.web>
<sessionState mode="InProc"
cookieless="false"
timeout="240"/>
It works perfectly :)
I have to write the answer somewhere because I lost 2 days of searching google and learning stuff I don't think I would use again :)


 
#235240    Author: anurag      Member Level: Bronze      Member Rank: 0     Date: 22/May/2008   Rating: 2 out of 52 out of 5     Points: 2

Hi guys ,
I also faced the same problem of session timeout not working properly even changing the web config property.
Later when i debuged the code i found out that in FormsAuthenticationTicket I was setting the cookie expiration time out as something else than my session value on the web.config.This value I changed in my login form to solve the problem <<<<<DateTime.Now.AddMinutes(60)>>>>> this setting i changed as per the web.config setting.

FormsAuthenticationTicket authTicket =
new FormsAuthenticationTicket(1, // version
txtUserName.Text,
DateTime.Now,
DateTime.Now.AddMinutes(60),
false,@"\");

Happy coding


 
#340832    Author: Gaurav Aroraa      Member Level: Gold      Member Rank: 0     Date: 27/Jan/2009   Rating: 2 out of 52 out of 5     Points: 6

Session: Its nothing but defined as a period of time shared between the web application and user. Every user has individual session. Items/Objects can be placed into the Session which would only define these object for that user. Session contains key variables which help to identify the related values. This can be thought of as a hash table. Each user would represent a different key node in the hash identifying unique values. The Session variables will be clear by the application which can clear it, as well as through the timeout property in the web config file. Usually the timeout is 20 minutes by default.



Session Variables are stored on the server, can hold any type of data including references, they are similar to global variables in a windows application and use HTTP cookies to store a key with which to locate user's session variables.



The collection of session variables is indexed by the name of the variable or by an integer index. Session variables are created by referring to the session variable by name. You do not have to declare a session variable or explicitly add it to the collection.



Lets get it cleared from following example:



Session["firstName"] = "Gaurav" //User's first name

Session["lastName"] = "Arora" //User's last name



// Clear the session variable

Session["FirstName"] = null;



//Clear all Session variables

Session.Abandon();

Thanks & regards,
Gaurav Kumar Arora
Site Coordinator - DNS
My blog - http://gaurav-arora.com


 
Post Reply     

 This thread is locked for new responses. Please post your comments and questions as a separate thread.
If required, refer to the URL of this page in your new post.





  • Return to Discussion Forum
  • Start new thread


  • Top Contributors
    Today
      Last 7 Daysmore...

      Awards & Gifts

      Online Members

      JosephCuszym
      More...
       
      Copyright © SpiderWorks Technologies Pvt Ltd., Kochi, India