Most of the asp.net application using session, especially data driven applications. Mostly these kind of application using “Inproc” mode of session. During development the developer does not face any kind of problem with the session. When deploy the application the problem arise one by one. In this post I just want to share some thoughts and highlight some points to look into during this issue encountered.
Long back ago, I have developed one small application and bought hosting “shared” hosting plan. In this point the pain started, what happened is session has been shared between the user and session has been expired soon. After some chat with my provider I came to know that they also use web-farm (also using Load balancer) plus shared hosting. In order to maintain the session of a user, the machine key must be same between the server. But that kind of provisions not given by that host provider. However, the session time out set is 20 minutes. If the Load balancer problem fixed also your user will be push out from application 20 minutes. My point over here is, if you have an application, tightly coupled with Session means, you should consider this.
In Web.Config File:
Session State Node:
As a first step, check that web.config contains a valid entry on the “sessionState”. The “timeout” attribute denotes the idle time in minutes before a session is abandoned. By default, the time is 20 minutes. You can find more info about the “sessionState” in the below MSDN url:
Some times form authentication will create some tricks. Scott Hanselman gives a detailed overview on this topic.
You should also focus on the below IIS configuration elements, since they play a vital role too.
In IIS, select the “Application Pools” node, and select the application pool you have used and then select “Advanced Settings”.
In the “Advanced Settings” popup, under the “Process Model” set the property “Idle Time-out (minutes)”.
There is another property called, “Regular Time Interval” under the “Recycling” node. This property is used to specify the period of time after that application pool will recycle.
Apart from these, some times if anti-virus software will do the trick. During the scanning of the web.config file it will update the web.config file's date time (not the content). Which can be notified by the ASP.Net runtime, in turn it will recycle the app pool. To avoid this type of scenario, it is always best to keep away the web.config file from anti-virus program scanning.
Let me know your thoughts as comments :)