In my current ASP.Net Project, we are using Forms Authentication together with in-process session.During the course of development and testing, I have been facing issues in regards to automatic session invalidation well before actual timeout & also Application restart randomly.After through profiling of my application I nailed down the cause for it.
I am pretty sure that every ASP.Net web developer knows the basics of session handling but at the same time many of us facing strange issues there! the application will not behave as expected. Due to the frequent changes in the technology especially in Microsoft platform I.e changes between the versions, the application will not behave according to the way we have thought of it.
In my current ASP.Net Ajax Web Application, I followed some of the best practices out there in the web with respect to handling session time outs:
Detecting Session Timeout in ASP.NET 2.0 Web Applicationsby Nikhil Kothari
My client’s requirement for session timeout period is 10 hrs, I thought this is just a web.config settings and went ahead and set the following in my web.config
I consciously thought of forms authentication too and set
<forms loginUrl=”~/LoginForm.aspx” defaultUrl=”~/TopForm.aspx” timeout=”600″/>
Also In the IIS settings for session timeout, I made 600 minutes for my web site!
What I found during testing was, my application got redirected to loginpage.aspx exactly after 20 mins. I thought the session was timed out, this redirection is purely due to my custom code whenever new session is created. I couldn’t figure the problem then I jumped into googling without giving any opportunity to my thinking process [I think many of us doing the same thing!!!!!!!!] which brought me to the pages I have mentioned above which I already followed in my application. I took a little break and finally devised a plan to unearth the problem, it was nothing but running perfmon and catch the following counters Sessions Active, Sessions Abandoned,Sessions Timed Out,Sessions Total. For ASP.Net Performance counters, refer MSDN http://technet2.microsoft.com/windowsserver/en/library/58de2498-d7d7-4557-ae2f-e6435aac344b1033.mspx?pf=true
After configured and started Perfmon counters, I restarted my application and noted down the time and also noted down the number of Active session [In my test bed it was only one at that time]. After 20 minutes I checked my application and obviously the same result, it took me to loginForm.aspx [Custom Redirection] but my perfmon results revealed me no session timeouts but at the same time no active sessionsexactly after 20 minutes, it means that the culprit is not session and it may be application restart / ASP.Net worker process restart. After this result, again I did Google but with different search phrase and this time I got what I wanted
.net session timeout settings in IIS6 on windows 2003 serverby Sanjay kattimani
In IIS 6.0, The application will restart after the being idle for the set time, the default is 20 minutes which can be seen under Application Pool settings I.e. Shut Down Worker Process after Being Idle for (time in minutes) default value is 20 minutes. After unchecked that option in my server [Win 2003 & IIS 6.0] it worked for me!.
“The number of times that an application has been restarted during the Web server’s lifetime. Application restarts are incremented with each Application_OnEnd event. An application restart can occur because of changes to the Web.config file, changes to assemblies stored in the application’s \Bin directory, or too many changes in Web Forms pages. Unexpected increases in this counter can mean that unforeseen problems are causing your Web application to shut down. In such circumstances you should investigate as soon as possible.”
Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 12030I hope this post helps & saves your time.