Can I reconnect to a session that has timed out or been abandoned

B

Big Daddy

We have a problem where the session is getting abandoned for no
apparent reason. It's not timing out. We save some important data in
the Session object. The user will click on something, causing a
postback, and there will be nothing in the Session object. The session
is getting restarted with the same session ID. Since we haven't been
able to stop this from happening, we would like to just reconnect the
user to their old session data. We've been storing it in process, but
will probably have to switch to out of process (e.g. SQL Server), so
that it can persist. So this is what would happen: If a postback
occurs and there is no data in the Session cache, we'd just try to
reconnect to the old Session cache using the same Session ID. Is this
possible?

thanks in advance,
John
 
G

Guest

We have a problem where the session is getting abandoned for no
apparent reason. It's not timing out. We save some important data in
the Session object. The user will click on something, causing a
postback, and there will be nothing in the Session object. The session
is getting restarted with the same session ID. Since we haven't been
able to stop this from happening, we would like to just reconnect the
user to their old session data. We've been storing it in process, but
will probably have to switch to out of process (e.g. SQL Server), so
that it can persist. So this is what would happen: If a postback
occurs and there is no data in the Session cache, we'd just try to
reconnect to the old Session cache using the same Session ID. Is this
possible?
Click to expand...

First of all, check if it could be the reason of your problem
http://support.microsoft.com/kb/316148/

If it's not the case, I would suggest to use the database to save the
session data
 
?

=?ISO-8859-1?Q?G=F6ran_Andersson?=

Big said:
We have a problem where the session is getting abandoned for no
apparent reason. It's not timing out. We save some important data in
the Session object. The user will click on something, causing a
postback, and there will be nothing in the Session object. The session
is getting restarted with the same session ID. Since we haven't been
able to stop this from happening, we would like to just reconnect the
user to their old session data. We've been storing it in process, but
will probably have to switch to out of process (e.g. SQL Server), so
that it can persist. So this is what would happen: If a postback
occurs and there is no data in the Session cache, we'd just try to
reconnect to the old Session cache using the same Session ID. Is this
possible?

thanks in advance,
John
Click to expand...

A new session never gets the same session id as the previous one. If you
have the same session id, you have the same Session object. This
suggests that there actually is something in your code that removes the
session variables.
 
G

Guest

A new session never gets the same session id as the previous one. If you
have the same session id, you have the same Session object. This
suggests that there actually is something in your code that removes the
session variables.
Click to expand...

Göran:

Q: Why does the SessionID remain the same after the Session times out
or abandoned?
A: Even though the session state expires after the indicated timeout
period, the session ID lasts as long as the browser session. What this
implies is that the same session ID can represent multiple sessions
over time where the instance of the browser remain the same.

http://www.eggheadcafe.com/articles/20021016.asp
 
M

Mark Rae

A new session never gets the same session id as the previous one.
Click to expand...

This is simply untrue: http://support.microsoft.com/?kbid=899918

Specifically: "When you abandon a session, the session ID cookie is not
removed from the browser of the user. Therefore, as soon as the session has
been abandoned, any new requests to the same application will use the same
session ID but will have a new session state instance."
 
B

Big Daddy

First of all, check if it could be the reason of your problemhttp://support.microsoft.com/kb/316148/

If it's not the case, I would suggest to use the database to save the
session data
Click to expand...

I don't think the problem that the session is getting restarted is
because of antivirus software, as suggested by the article. We have
already looked into that.

As for your suggestion of using the database, do you mean coming up
with our own home-designed solution that is like a session cache, or
do you mean using the session where the mode is SQLServer and ASP.NET
automatically saves the session cache in the database? If you mean the
latter, that would be fine with me...I just don't know how to
reconnect to the session data after the session has been restarted.

thanks again,
John
 
G

Guest

As for your suggestion of using the database, do you mean coming up
with our own home-designed solution that is like a session cache
Yes.

If you mean the
latter, that would be fine with me...I just don't know how to
reconnect to the session data after the session has been restarted.
Click to expand...

I don't think this would be possible.

In any case, I think it is better to find why the session is getting
abandoned.
 
?

=?ISO-8859-1?Q?G=F6ran_Andersson?=

Alexey said:
Göran:

Q: Why does the SessionID remain the same after the Session times out
or abandoned?
A: Even though the session state expires after the indicated timeout
period, the session ID lasts as long as the browser session. What this
implies is that the same session ID can represent multiple sessions
over time where the instance of the browser remain the same.

http://www.eggheadcafe.com/articles/20021016.asp
Click to expand...

I see. I thought that would clearly be a security risk, but perhaps it
isn't.
 
?

=?ISO-8859-1?Q?G=F6ran_Andersson?=

Mark said:
This is simply untrue: http://support.microsoft.com/?kbid=899918

Specifically: "When you abandon a session, the session ID cookie is not
removed from the browser of the user. Therefore, as soon as the session has
been abandoned, any new requests to the same application will use the same
session ID but will have a new session state instance."
Click to expand...

I see. I thought that would clearly be a security risk, but perhaps it
isn't.
 
M

Mark Rae

I see. I thought that would clearly be a security risk, but perhaps it
isn't.
Click to expand...

I couldn't agree more!!! There are some, er, features of the Framework which
are unfathomable (to me, at least...) and this is one of them... :)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

I'm tempted to quit out of frustration 1
System.Net.WebException: The operation has timed out 1
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
I Need Help with making a function that draws in a canvas using location data. 1
How can I view / open / render / display a pdf file with c code? 0
Reconnect to a session and authenticate. 7
HttpException "Request timed out" - how to handle? 3
Sorry for reposting - can not figure out... 7

Members online

No members online now.
Total: 27 (members: 0, guests: 27)
Robots: 455

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,054
Latest member
TrimKetoBoost

Latest Threads

Top