Loss of sessions


Major_Disorder
11-24-2003, 02:11 AM
Hi,
This may well be related to another post "Application keeps resetting" - http://forum.discountasp.net/topic.asp?TOPIC_ID=581. I have a logon feature on my site that used to work great as I'd overridden the default timeout of 10 minutes to be bigger so people could remain logged on.

However for a couple of weeks now this feature seems to have changed. Is this due to the application reset as seen in the other thread mentioned above? If so, is there any way for me to revert back to my previous settings through changes to web.config?

I'd really like to be able to keep my members logged on if they want to. Is there anything I can do?

thanks

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

steurm
11-24-2003, 03:28 AM
Your web.config will be overridden by machine.config. DASP has set this to 10 minutes. I described a workaround in the article mentioned, it works for me ...

--
Steurm
www.steurm.net/steurm

Major_Disorder
11-24-2003, 12:39 PM
Thanks steurm, I can see how this might help while the user is accessing the site and browsing around pages. However, I had a really nice solution to let members return to the site and stay "logged in" through my cookies. This seems to be broken now and I can only assume it's down to the constant resetting of the application (it works fine on my dev environment).

Does anyone else have a solution to keeping users logged on (via cookies) on this new server set up? I'm starting to get a few complaints / queries from my users so I'd obviously like to sort it out and get it working how it was, i.e. correctly.

Is it really necessary to reset the application every x minutes or is this a "just in case" approach?

Hope someone can solve this

cheers

Pete



XBOXRacing.net

Tournaments, Leagues & Prizes

Major_Disorder
11-27-2003, 03:49 AM
I would be interested to know how many other people have noticed issues with sessions expiring in the past few weeks, i.e. different functionality to what used to be.

This is not a whinge, just information gathering.

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

Major_Disorder
12-07-2003, 09:51 AM
Well after more investigation I'm still suffering users being logged out randomly. I can confirm that the user session is not expiring just the authenticated part of the "session".

I've juggled web.config settings, posted the ms newsgroups all to no avail. Anyone have any ideas at all why this might be happening?

Cheers

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

bruce
12-07-2003, 11:47 AM
Pete,

What do you mean by authenticated part of the session?

And how long did you set the session expiration to?


Major_Disorder
12-08-2003, 03:25 AM
Hi Bruce,
I created a logging mechanism to record the user sessions in the global.asax just to check whether they were being expired. I write to a log file when the user session started & when the application started. This confirmed that the User Session object was not being expired, but the user was still being kicked out of secure areas of the site.

Here's my web.config settings

<authentication mode="Forms">
<forms name="XBOXAUTH" loginUrl="xxx.aspx" timeout="100000"
slidingExpiration="true" />
</authentication>

<sessionState mode="InProc" stateConnectionString="tcpip=xxxxxx"
sqlConnectionString="data source=xxxx;user id=xxx;password=xxx"
cookieless="false" timeout="100000" />

As you can see from the web.config I shouldn't be getting users randomly logged out (as the time period is long). The cookies are being persisted to the client's machine, but for some reason the log on session is lost from time to time (usually after filling out a forum message, thus losing the lot!).

I've fully tested this on my development machine (Windows XP Pro v1.1 .NET) and it works correctly with user's authenticated session lasting for the value set in the "authentication" part of web.config and they are also able to close the browser session and log on again with the persisted cookie.

I'm at a loss as to what to try next, I've posted on the ms newsgroups but no-one there has replied (3 weeks now).

If there's anything I can try I will as this is very annoying for my users.

Is there anything in machine.config that could cause this??? I don't know what else to do.

thanks

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

Major_Disorder
12-11-2003, 03:36 AM
Any joy on this bruce?

I'm still stuck at the mo. Does DiscountASP have a PSS contract with Microsoft, if so would DiscountASP be able to raise this with Microsoft?

If you want to see the bug first hand let me know and I'll give you login details. I still have an open ticket with support as far as I'm aware so I'll pick up with them later today

thanks

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

bruce
12-11-2003, 05:46 AM
What is the login page?


bruce
12-11-2003, 11:06 AM
Sorry, didn't see your last post.

Send me a login.



Major_Disorder
12-11-2003, 12:54 PM
Hi Bruce,

Could you try:

Username: test@xboxracing.net
Password: test

Could you email me when you've completed a test and confirm the issue? I can then disable the account.

thanks

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

bruce
12-12-2003, 03:14 AM
Pete,

I did some tests on your site.

1) I logged on
2) recorded the process id of the worker process
3) tracked the current connection on your site

I let it sit there for 10 mins, it didn't get any more activity and I saw the process go away.

If the process dies, all your sessions go away with it.



Major_Disorder
12-12-2003, 11:56 AM
http://www.xboxracing.net/

sorry about missing that one out ....

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

steurm
12-15-2003, 05:00 AM
Pete,

As far as I know, if the machine.config of DASP states session timeout is 10 minutes, then you can set any value you want, it will be 10 minutes.

I had similar problems with my authentication. The persistent authentication cookie didn't seem to be persistent at all. I googled a bit, and found a solution that worked for me.
// Needs System, System.Web and System.Web.Security; runs inside the login page's code-behind.
FormsAuthenticationTicket tkt;
string cookiestr;
HttpCookie ck;

// Build the ticket by hand so its expiration is set explicitly.
tkt = new FormsAuthenticationTicket(1, _visitor.login, DateTime.Now, FrosCommBL.LoginPublisher.CookieValidUntil(), chkPersist.Checked, _visitor.login);
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
// Only a persistent login gets a cookie expiry; otherwise it stays a browser-session cookie.
if (chkPersist.Checked)
    ck.Expires = tkt.Expiration;
Response.Cookies.Add(ck);

It creates a ticket itself, instead of just using the formsauthentication class.
- _visitor is the visitor
- FrosCommBL.LoginPublisher.CookieValidUntil() is for setting the expiring date of the persistent cookie

Hope this helps ...


--
Steurm
www.steurm.net/steurm

KPayne
12-15-2003, 08:17 AM
Perhaps the confusion is because the FormsAuthenticationTicket has its own expiration that is separate from the cookie's expiration.

Keith Payne
Technical Marketing Solutions

Major_Disorder
12-15-2003, 12:35 PM

Bruce,
Thanks for looking at this. To me it looks like your Machine.Config settings are overriding my site settings.

I have set my session time to be much longer than 10 minutes but it appears the global server settings are ruling.

The bit that still isn't explained though is why my users cannot login again even though they have a persisted cookie. I would have thought that a valid cookie should still allow a user to be authenticated even if their original session had been lost. This is certainly the functionality I see on my box here, i.e. reboot the server and the user can still automatically log in.

One question, probably stupid but I'm assuming that the site resides on a single server and there isn't a webfarm scenario? As this would obviously screw the site totally with the current session settings in Web.Config.



regards

Pete



XBOXRacing.net

Tournaments, Leagues & Prizes

Timbo
12-17-2003, 02:38 AM
Maybe try passing

System.DateTime.Now.AddMinutes(10)

instead of


FrosCommBL.LoginPublisher.CookieValidUntil(),

FrosCommBL is some custom class?

Major_Disorder
12-31-2003, 10:20 AM
Well, I'm as happy as a pig in sh*t. I don't know what's changed recently on the DiscountASP server(s), but my forms authentication is now working again as expected.

I've not made any changes to my site, it's just up and running again. So, DASP if you've made a change in the last couple of days could you let us know what it is so we don't fall foul of it again.

thanks

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

Sameer Fegade
01-22-2004, 08:26 AM
HI.........
I am facing the same issue of Random loss of Authentication Cookie and Session Time outs in My ASP.net site. Is there anything concrete found to resolve this problem?


Sameer Fegade

Major_Disorder
01-23-2004, 08:56 AM

Well another update for you all. The functionality did work again for a while after I posted back here saying how happy I was......guess what?????

It doesn't work again! From what I can see there isn't a pattern to why this user logon session is lost. It isn't tied to my source code or a bug therein.

I've posted around the majority of the Microsoft newsgroups and a few other people have seen similar issues but again with no pattern. My thought is that it's either an IIS or .NET bug that only happens under some weird circumstance. Maybe it's reset by the server being rebooted, who knows (was the DASP server rebooted anytime around xmas time?)

Anyway I'm back to having to log on every time, it sucks but there ya go. Nobody seems to have an answer, it's just the way it is.



XBOXRacing.net

Tournaments, Leagues & Prizes

bootron
02-21-2004, 12:07 PM
Sure enough, I am also a discountasp.net user with the same problem. Has anyone determined the cause of this yet? My site absolutely has to allow persistent cookies, and my code is working perfectly on my development machine but not on the discountasp.net servers. My cookies persist for about 30 minutes or so, but then my users have to sign in again.

According to everything I've ever read on this topic, the FormsAuthentication object is supposed to persist cookies for 50 years! I can close out my browser and the cookie remembers my user, so I know I've got the right settings in my code, but the memory doesn't last. Any ideas?

Thanks,

Sean

bruce
02-22-2004, 12:51 PM
Couple more things that could cause an application to recycle

1) The application crashed

2) Your application exceeds the max memory allowance (101MB)

I am not sure if this is the case


mlawrence
03-02-2004, 04:43 AM
I use a free program called Refresher
http://download.com.com/3000-2366-8973918.html?tag=lst-0-1

I have it hit a low bandwidth page on my website once every 5 mins. This works like a charm - my application/sessions never expire!

bruce
03-15-2004, 07:01 AM
Ok. We found the solution to the problem

Change this setting in your web.config file

<forms loginUrl="default.aspx" protection="All" timeout="15"/>

to

<forms loginUrl="default.aspx" protection="None" timeout="15"/>



jim.ptak
03-24-2004, 09:04 AM
Someone needs to make sure that the servers at discountASP are not running virus scanning on the web.config or machine.config. MS Knowledge Base 316148.

Jim Ptak
www.obvient.com

jherr1971
04-15-2004, 07:02 AM
I'm having the same session problem with my ASP pages hosted at discountasp.net. Can somebody give me a full example of what the web.config file should look like? I've never done that before and am a bit puzzled.

Thanks!

alexfilo
05-11-2004, 06:50 AM
Does anyone know why we have to remove the protection on the forms authentication? Bruce?

If disabling it will make it work, I'll be using it for now, but I would prefer to keep my authentication cookies encrypted (force of habit).
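
On the `protection="None"` change suggested above, an added example that is not from the thread or from DiscountASP: with `protection="None"` the ticket cookie is neither encrypted nor validated, while a ticket issued under `protection="All"` is rejected whenever the keys that check it differ from the keys that issued it. The sketch keeps `protection="All"` and pins the keys; it assumes the host allows `<machineKey>` in a site's web.config and that a key mismatch is behind the logouts, neither of which the thread confirms, and the key values are placeholders.

```xml
<!-- Added example, not from the thread. Key values are placeholders. -->
<configuration>
  <system.web>

    <!-- Weak form (the setting suggested in the thread): the ticket cookie is
         sent in the clear and is not integrity-checked, so the server cannot
         tell whether the client has altered it.
    <authentication mode="Forms">
      <forms loginUrl="default.aspx" protection="None" timeout="15" />
    </authentication>
    -->

    <!-- Corrected form: encryption and validation stay on. -->
    <authentication mode="Forms">
      <forms loginUrl="default.aspx" protection="All" timeout="15" />
    </authentication>

    <!-- Assumption: the host permits machineKey at site level.
         Fixed keys mean a ticket issued before a worker-process restart, or by
         another server, still decrypts and validates afterwards.
         On .NET 1.1: validationKey is 40 to 128 hex characters,
         decryptionKey is 16 or 48 hex characters. -->
    <machineKey validationKey="PLACEHOLDER_HEX_VALIDATION_KEY"
                decryptionKey="PLACEHOLDER_HEX_DECRYPTION_KEY"
                validation="SHA1" />

  </system.web>
</configuration>
```

Generate both key values with a cryptographic random number generator and treat the web.config that holds them as a secret.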

diltonm
05-14-2004, 05:54 AM
My web service writes "startup" to a log file when the constructor is first accessed. I use the new Job Scheduler feature to ensure the service is hit at least every 15 minutes.

I added a static timer and when it fires it logs the current date/time every 10 seconds.

This has run for 3 days. The log clearly shows that the ASP.NET worker process on the server hosting my site is completely restarting every 10 minutes.

bruce
05-16-2004, 12:33 PM
<forms loginUrl="default.aspx" protection="None" timeout="15"/>



diltonm
05-18-2004, 08:42 AM
From 11 PM to 1:30 AM it improved and was cycling every 20 to 40 minutes. After 1:30 it started back on the 10 minute cycle. I'll continue to monitor.

Burkhalter
05-20-2004, 10:26 AM
Hello all.

My users too are having a (huge) problem with a session ending after around 30min or so. And then they can not access the database for some period of time, that is, after they are booted out of an active session, they can not access pages that require info from the MS SQL Server for however long.

To access the 'dynamic' part of my website requires a login that I handle myself, I keep their password, I check their password. I saw friend "bruce" post a fix that is:

"<forms loginUrl="default.aspx" protection="None" timeout="15"/>"

Does this apply to me? I have no 'default.aspx', but do have a default page named something else, however this default page is independent of my 'login' (which again, I verify against my DB).

Does the above web.config apply to my site? If so, where would I put it in my config file as shown:

<configuration>
<system.web>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="Off" />
<authentication mode="Windows" />
<authorization> <allow users="*" /> </authorization>
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</configuration>

If it does not apply but is in fact a fix to this killer problem of users losing active sessions, then I reckon I must use an "authentication mode" that would allow the fix.

Arg, I'm confused. I thought a session timeout period related to inactivity regardless of authentication mode, not to 'absolute time'.

Any help?

Thanks.

www.abovethefiels.com
and for the part that uses the MSSQL DB,
www.abovethefields.com/gaming/login.aspx

http://www.abovethefields.com

bruce
05-20-2004, 11:51 AM
Are you sure that's a session reset?

It should not have anything to do with MS SQL connection.



diltonm
05-21-2004, 03:21 AM
My problem remains, every 20 to 40 minutes I *know for a fact* that *as I described previously* the aspnet_wp.exe worker process is restarting on the server(s) that my site is hosted (OR) the Application Domain is being programmatically reset. This is *regardless* of the fix that has been mentioned in this thread several times which I *did* try.

bruce
05-21-2004, 05:09 AM
Another reason why the process is recycled is because of high memory usage. Any worker process exceeding 100MB will be recycled.



Burkhalter
05-25-2004, 12:53 PM
Thanks for fast reply Bruce to my post on the 20th.

Right, I understand the problem has nothing to do with the database. Anyway, the problem of the frequent resets seems to have been cured by changing my sessionState timeout from the VS .NET default of '20' to '480':

<sessionState mode="InProc" ..... timeout="480" />

One Question: I assumed the sessionState timeout related to Inactivity, not an Absolute session time. It appears this change worked, and hence my assumption sessionState timeout is an Absolute time period.... is this true?

If true, is there an Inactivity Timeout in web.config?

My basic question of the first post was about your stated fix from an earlier post, where you said add:

"<forms loginUrl="default.aspx" protection="None" timeout="15"/>"

Is this directly under 'system.web'?
My authentication mode="Windows", would the above even apply?

Thanks.

http://www.abovethefields.com

though the "cool" .Net part begins at

http://www.abovethefields.com/gaming/login.aspx

http://www.abovethefields.com

diltonm
05-29-2004, 11:16 AM
I've not found a solution to the ASP.NET worker process is restarting every 20 to 40 minutes problem. This means my entire site is restarting and any sites on the same server. The effect can also be noticed by waiting about 40 minutes then hitting my home page and there is a noticeable delay while IIS reloads the ASP.NET worker process.

This is detrimental to the performance and consistency of my site. The standard ASP.NET installation does not do this. There has to be some custom setting most likely in machine.config and probably not overridable in web.config that governs (or causes) this behavior.

Burkhalter
05-30-2004, 01:22 AM
Would like to add my users' sessions abruptly end after some amount of time (sometimes an hour, sometimes 30 minutes).

A fix was posted earlier that assumes authentication mode is forms. Does this mean if authentication mode is Windows there is no fix?

I understand that if the web app uses 100MB or so of memory it will be kicked out, I don't think this is the problem.





http://www.abovethefields.com

Burkhalter
05-31-2004, 03:27 AM
Today I went through the code and called 'Dispose' for all SQL commands and connections, and in this half day of testing the sudden session end has stopped.

And so far the Discount ASP web site is as fast as ever, no session boots, excellent.

http://www.abovethefields.com

diltonm
06-04-2004, 07:07 AM
That's good to hear. I've not been actively using any SQL on my site here. My problem remains. This is the only .NET ISP I use. On many machines I've had ASP.NET installed on and not on the Internet, I've not had such a problem as this.

blabberblog
06-05-2004, 04:17 AM
Would it be possible to create some "Keep alive" code and put it in the session end event so that when the session ends it automatically gets restored?

Let me know if this works because I have the same problem.

diltonm
06-06-2004, 12:39 PM
I think the problem extends beyond sessions. I've created a C# static timer that regularly updates a text file. It writes "starting" when my site's DLL gets loaded. Since the timer is static, only two things can stop it if I don't manually; 1) my site's DLL gets unloaded or 2) the entire ASP.NET worker process is blown away by 'something'. If the latter is the case, and I think it may be because I can think of nothing in my experience that would cause just my site's DLL to be unloaded excepting possibly server load but that would have to be an extreme case and would also still affect other sites on the same server; so either way I think all sites on that server are affected.

Also I have a DASP scheduled job that hits a Web Service compiled into my site's DLL and there is always a gap in time between the last time entry recorded in the log and when "starting" is written to the log.

BigMouse
06-07-2004, 02:58 AM
I've had a similar problem when downloading large files using streams. A download would be going fine and then I would get a session reset. The correction for me was adding an executionTimeout entry into my web.config file.

<httpRuntime executionTimeout="1800" />

This extended the amount of time that was allowed for a request to execute. Perhaps if your problems are being caused by a random SQL statement running long and timing out this could help.



Phil Curnan
www.wildmousesoftware.com
Warehouse Management System Implementation Tools Targeted to the SMB Market.

diltonm
06-12-2004, 11:51 AM
Thanks Phil, those are good points. Another property of httpruntime is:

"maxRequestLength="[KBytes]" - KBytes size of maximum request length to accept"

which affects the file size.

Thing is, I run no SQL and have no long running jobs or connections.

diltonm
06-24-2004, 08:26 AM
The problem seems to have cleared up!! I've checked back over my logs for several days since the 20th at least, and haven't seen the regular stopping. It's been running very regular.

I don't know if the DASP staff changed something? If you did then thanks very much!!

Burkhalter
06-25-2004, 03:57 AM
good to hear diltonm.

Again, I do use a SQL database, and since May 31st (after I made some code change, so the problem was mine and not DiscountASP in the first place) my DiscountASP site has been excellent.

http://www.abovethefields.com