Loss of sessions

Hi,
This may well be related to another post "Application keeps resetting" - forum.discountasp.net/topic.asp?TOPIC_ID=581. I have a logon feature on my site that used to work great as I'd overiden the default timeout of 10 minutes to be bigger so people could remain logged on.

However for a couple of weeks now this feature seems to have changed. Is this due to the application reset as seen in the other thread mentioned above?. If so is there any way for me to revert back to my previous settings through changes to web.config?

I'd really like to be able to keep my members logged on if they want to. Is there anything I can do?

thanks

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

 

Your web.config will be overridden by machine.config. DASP has set this to 10 minutes. I described a workaround in the article mentioned, it works for me ...

--
Steurm
www.steurm.net/steurm

 

Thanks steurm, I can see how this might help while the user is accessing the site and browsing around pages. However, I had a really nice solution to let members to return to the site and stay "logged in" through my cookies. This seems to be broken now and I can only assume it's down to the constant resetting of the application (it works fine on my dev environment).

Does anyone else have a solution to keeping users logged on (via cookies) on this new server set up? I'm starting to get a few complaints / queries from my users so I'd obviously like to sort it out and get it working how is was. i.e. correctly.

Is is really necessary to reset the application every x minutes or is this a "just in case" approach?

Hope someone can solve this

cheers

Pete



XBOXRacing.net

Tournaments, Leagues & Prizes

 

I would be interested to know how many other people have noticed issues with sessions expiring in the past few weeks. i.e different functionality to what used to be.

This is not a whinge, just information gathering.

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

 

Well after more investigation I'm still suffering users being logged out randomly. I can confirm that the user session is not expiring just the authenticated part of the "session".

I've juggled web.config settings, posted the ms newsgroups all to no avail. Anyone have any ideas at all why this might be happening?

Cheers

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

 

Hi Bruce,
I created a logging mechanism to record the user sessions in the global.asax just to check whether they were being expired. I write to a log file when the user session started & when the application started. This confirmed that the User Session object was not being expired, but the user was still being kicked out of secure areas of the site.

Here's my web.config settings

<authentication mode="Forms">
<forms name="XBOXAUTH" loginUrl="xxx.aspx" timeout="100000"
slidingExpiration="true" />
</authentication>

<sessionState mode="InProc" stateConnectionString="tcpip=xxxxxx"
sqlConnectionString="data source=xxxx;user id=xxx;password=xxx"
cookieless="false" timeout="100000" />

As you can see from the web.config I shouldn't be getting users randomly logged out (as the time period is long). The cookies are being persisted to the client's machine, but for some reason the log on session is lost from time to time (usually after filling out a forum message,thus loosing the lot!).

I've fully tested this on my development machine (Windows XP Pro v1.1 .NET) and it works correctly with user's authenicated session lasting for the value set in the "authentication" part of web.config and they are also able to close the browser session and log on again with the persisted cookie.

I'm at a loss as what to try next, I've posted on the ms newsgroups but no-one there has replied (3 weeks now).

If there's anything I can try I will as this is very anoying for my users.

Is there anything in machine.config that could cause this??? I don't know what else to do.

thanks

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

 

Any joy on this bruce?

I'm still stuck at the mo. Does DiscountASP have a PSS contract with Microsoft, if so would DiscountASP be able to raise this with Microsoft?

If you want to see the bug first hand let me know and I'll give you login details. I still have an open ticket with support as far as I'm aware so I'll pick up with them later today

thanks

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

 

Hi Bruce,

Could you try:

Username: [email protected]
Password: test

Could you email me when you've completed a test and confirm the issue? I can then disable the account.

thanks

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

 

http://www.xboxracing.net/

sorry about missing that one out ....

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

 

Pete,

As far as I know, if the machine.config of DASP states session timeout is 10 minutes, then you can set any value you want, I will be 10 minutes.

I had similar problems with my authentication. The persistent authentication cookie didn't seem to be persistent at all. I googled a bit, and found a solution that worked for me.

 

Perhaps the confusion is because the FormsAuthenticationTicket has it's own expiration that is separate from the cookie's expiration.

Keith Payne
Technical Marketing Solutions

 

quote:Originally posted by bruce

Pete,

I did some test on your site.

1) I logon
2) record the process id of worker process
3) tracked the current connection on your site

I let it sat there for 10 mins, it didn't get any more activity and i saw the process go away.

If the process die, all your session go away with it.


quote:Originally posted by Major_Disorder

http://www.xboxracing.net/

sorry about missing that one out ....

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes
</blockquote id="quote"></font id="quote">
</blockquote id="quote"></font id="quote">

Bruce,
Thanks for looking at this. To me it looks like your Machine.Config settings are overriding my site settings.

I have set my session time to be much longer than 10 minutes but it appears the global server settings are ruling.

The bit that still isn't explained though is why my users cannot login again even though they have a persisted cookie. I would have thought that a valid cookie should still allow a user to be authenticated even if their original session had been lost. This is certainly the functionality I see on my box here...i.e reboot the server and the user can still automatically log in.

One question, probably stupid but I'm assuming that the site resides on a single server and there isn't a webfarm scenario? As this would obviously screw the site totally with the current session settings in Web.Config.



regards

Pete



XBOXRacing.net

Tournaments, Leagues & Prizes

 

Maybe try passing

System.DateTime.Now.AddMinutes(10)

instead of


FrosCommBL.LoginPublisher.CookieValidUntil(),

FrosCommBL is some custom class?

 

Well, I'm as happy a pig in sh*t. I don't know what's changed recently on the DiscountASP server(s), but my forms authentication is know working again as expected.

I've not made any changes to my site, it's just up and running again. So, DASP if you've made a change in the last couple of days could you let us know what it is so we don't fall foul of it again.

thanks

Pete

XBOXRacing.net

Tournaments, Leagues & Prizes

 

HI.........
I am facing the same issue of Random loss of Authentication Cookie and Session Time outs in My ASP.net site. Is there anything concrete found to resolve this problem


Sameer Fegade

 

quote:Originally posted by Sameer Fegade

HI.........
I am facing the same issue of Random loss of Authentication Cookie and Session Time outs in My ASP.net site. Is there anything concrete found to resolve this problem
</blockquote id="quote"></font id="quote">

Well another update for you all. The functionality did work again for a while after I posted back here saying how happy I was......guess what?????

It doesn't work again! From what I can see there isn't a pattern to why this user logon session is lost. It isn't tied to my source code or a bug therein.

I've posted atrouind the majority of the Microsoft newsgroups and a few other people have seen similar issues but again wth no pattern. My thought is that it's either an IIS or .NET bug that only happens under some weird circumstance. May be it's reset by the server being rebooted who knows (was the DASP server rebooted anytime around xmas time?)

Anyway I'm back to having to log on every time, it sucks but there ya go. Nobody seems to have an answer, it's just the way it is.



XBOXRacing.net

Tournaments, Leagues & Prizes

 

Sure enough, I am also a discountasp.net user with the same problem. Has anyone determined the cause of this yet? My site absolutely has to allow persistent cookies, and my code is working perfectly on my development machine but not on the discountasp.net servers. My cookies persist for about 30 minutes or so, but then my users have to sign in again.

According to everything I've ever read on this topic, the FormsAuthentication object is supposed to persist cookies for 50 years! I can close out my browser and the cookie remembers my user, so I know I've got the right settings in my code, but the memory doesn't last. Any ideas?

Thanks,

Sean

 

I use a free program called Refresher
http://download.com.com/3000-2366-8973918.html?tag=lst-0-1

I have it hit a low bandwidth page on my website once every 5 mins. This works like a charm - my application/sessions never expire!

 

Someone needs to make sure that the servers at discountASP are not running virus scanning on the web.config or machine.config. MS Knowledge Base 316148.

Jim Ptak
www.obvient.com

 

I'm having the same session problem with my ASP pages hosted at discountasp.net. Can somebody give me a full example how the web.config file should look like? I've never done that before and are a bit puzzled.

Thanks!

 

Does anyone know why we have to remove the protection on the forms authentication? Bruce?

If disabling it will make it work, I'll be using it for now, but I would prefer to keep my authentication cookies encrypted (force of habit).

 

My web service write "startup" to a log file when the constructor is first accessed. I use the new Job Scheduler feature to ensure the service is hit at least every 15 minutes.

I added a static timer and when it fires it logs the current date/time every 10 seconds.

This hs ran for 3 days. The log clearly shows that the ASP.NET worker process on the server hosting my site is completely restarting every 10 minutes.

 

From 11 PM to 1:30 AM it improved and was cycling every 20 to 40 minutes. After 1:30 it started back on the 10 minute cycle. I'll continue to monitor.