0

I've a Web App that just recently has began randomly losing sessions. The exact cause is elusive at best, however it seems the session is killed/lost on the server side and results in the user needing to close their browser entirely and relaunch in order to log back in.

I wish I could provide some code, but I can't figure out where the problem is at all.

Here is a session action filter we use currently:

public class SessionExpireAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpContext lvContext = HttpContext.Current;

        //if(

        // check if session is supported   
        if (lvContext.Session != null)
        {

            // check if a new session id was generated   
            if (lvContext.Session.IsNewSession)
            {

                // If it says it is a new session, but an existing cookie exists, then it must   
                // have timed out   
                string sessionCookie = lvContext.Request.Headers["Cookie"];
                if ((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0))
                {

                    lvContext.Response.Redirect("~/Account/Timeout");
                }
            }
        }


        base.OnActionExecuting(filterContext);
    }
}
Improve this question

2 Answers 2

Reset to default
1

Did you add a new feature that adds or removes files from the root directory or any of its subdirectories? That can cause the session to reset.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

AFAIK it's only folder deletes that cause this, adding and deleting files should be fine, unless you're adding and deleting them from the /bin and /App_Data folder. Also programmatically modifying the Web.config file can cause App Domain restarts. Check that your code isn't doing any of these things anywhere. If folder deletes is an issue, let me know, I know of a work around.
I did recently add two web-based image editors, however they only add/delete a temporary tiff file. The Web.config is never programmatically or manually altered unless we're releasing a new revision.
The temporary solution was to recycle the App Pool after every 100 calls. This has significantly reduced our incident rate.
0

Ultimately I moved to SQL State Server to handle my sessions. This outsources session handling to the SQL server allowing a session to persist through a recycle, etc. For more information see these links:

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.