0

I have a web application created using .Net Framework 4.6.1. Recently, I started getting complaints from users that they were redirected to the login page. It only happens when session data is not found. I check for the user's session variable in Master page. Interestingly, it happens with only a few users randomly and no one can reproduce the issue. The web application is hosted on Windows Server 2016 using IIS 10. I use "InProc" session state and the setting I use in web.config is below.

<httpCookies sameSite="Strict" httpOnlyCookies="true" requireSSL="true" />
<httpRuntime targetFramework="4.6" maxRequestLength="30720" requestValidationMode="4.0" executionTimeout="300" enableVersionHeader="false"/>
<sessionState mode="InProc" timeout="240" cookieSameSite="Strict" cookieName="ASP.NET_SessionId"/>

I don't use a load-balancer and have set worker process to 1. I checked logs in EventViewer and didn't find any application level exceptions. There aren't any application pool recycles during the random logout time.

Has anyone had similar issues? What could be wrong in the configuration file? Any help would be appreciated. Thank you in advance.

Improve this question
6
  • Just turn on and use and adopt SQL server based sessions, and all your issues, and troubles in life will go away. The simple matter is just about any un-handled error can trigger a app-pool restart, and that means your session is lost. Turn on SQL server based session management, and even a re-start of the app pools, or in fact a restart of IIS will not effect users - their sessions will remain intact. We had nothing but issues and troubles - adopting SQL server session based management fixed all of our woe's Commented Mar 22, 2024 at 16:40
  • 240 is not in seconds but in minutes. There is no pool recycling during day time. I am not worry about that, Commented Mar 22, 2024 at 16:42
  • Well, any un-handled error can blow out session and trigger a app pool restart. So, unless you are 100% sure no errors trigger in your code, you can't assume session() will remain intact. Commented Mar 22, 2024 at 16:53
  • @AlbertD.Kallal Currently, I use Session_End event to clean up few items in database. How can I achieve it with StateServer or SQL Server based session ? This event is only available for "InProc" session state. Commented Mar 22, 2024 at 16:54
  • @AlbertD.Kallal If app pool gets restarted due to error, then all users should have lost their sessions. Why few users (2% of total) are affected ? Commented Mar 22, 2024 at 16:56
Related questions
1871
Is there a reason for C#'s reuse of the variable in a foreach?
502
Login failed for user 'IIS APPPOOL\ASP.NET v4.0'
170
How to access session variables from any class in ASP.NET?
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.