Sporadically losing session state when redirecting from http to ht

Discussion in 'ASP .Net' started by TS, Jan 15, 2010.

  1. TS

    TS Guest

    Hello:

    I have an issue with an ecommerce website that is losing session for some
    users. The session data is being lost when the user is redirected from http
    to https.

    What is really puzzling me here is that the issue only happens for a small
    percentage of users. About 4 or 5 five users has experienced the problem. The
    rest of the 250+ users didn’t have any problems placing orders using the
    website. The users with the problem are not connected in any way; they all
    are in different places with different systems.

    I’ve tried logging in as the problem users and placing orders on their
    behalf and everything has worked fine for me. Any advice here on what to do
    to troubleshoot and what can be causing this issue is greatly appreciated.

    The application is developed in ASP.Net 3.5 and is running in IIS 6.0

    Thanks a lot,
    TS
     
    TS, Jan 15, 2010
    #1
    1. Advertising

  2. TS

    Tom Dacon Guest

    "TS" <> wrote in message
    news:...
    > Hello:
    >
    > I have an issue with an ecommerce website that is losing session for
    > some
    > users. The session data is being lost when the user is redirected from
    > http
    > to https.
    >
    > What is really puzzling me here is that the issue only happens for a
    > small
    > percentage of users. About 4 or 5 five users has experienced the problem.
    > The
    > rest of the 250+ users didn't have any problems placing orders using the
    > website. The users with the problem are not connected in any way; they all
    > are in different places with different systems.
    >
    > I've tried logging in as the problem users and placing orders on their
    > behalf and everything has worked fine for me. Any advice here on what to
    > do
    > to troubleshoot and what can be causing this issue is greatly appreciated.
    >
    > The application is developed in ASP.Net 3.5 and is running in IIS 6.0
    >
    > Thanks a lot,
    > TS
    >


    We had that problem ourselves with our own applications, and solved it by
    going to a third-party solution for session store: Alachisoft's NCache
    product. It's not cheap, but it solved the http/https problem completely.

    Tom Dacon
     
    Tom Dacon, Jan 15, 2010
    #2
    1. Advertising

  3. TS

    TS Guest

    Re: Sporadically losing session state when redirecting from http t

    Hello Tom:

    Thank you for your response. Before using Alachisoft’s NCache did you try
    using State server or SQL server session state modes or you just tried InProc
    and went directly this third party product? I am using InProc right now and
    haven’t tried any other mode.

    Also, any thoughts or why this is happening in the first place? It
    shouldn’t even with InProc.

    Thanks,
    TS


    "Tom Dacon" wrote:

    > "TS" <> wrote in message
    > news:...
    > > Hello:
    > >
    > > I have an issue with an ecommerce website that is losing session for
    > > some
    > > users. The session data is being lost when the user is redirected from
    > > http
    > > to https.
    > >
    > > What is really puzzling me here is that the issue only happens for a
    > > small
    > > percentage of users. About 4 or 5 five users has experienced the problem.
    > > The
    > > rest of the 250+ users didn't have any problems placing orders using the
    > > website. The users with the problem are not connected in any way; they all
    > > are in different places with different systems.
    > >
    > > I've tried logging in as the problem users and placing orders on their
    > > behalf and everything has worked fine for me. Any advice here on what to
    > > do
    > > to troubleshoot and what can be causing this issue is greatly appreciated.
    > >
    > > The application is developed in ASP.Net 3.5 and is running in IIS 6.0
    > >
    > > Thanks a lot,
    > > TS
    > >

    >
    > We had that problem ourselves with our own applications, and solved it by
    > going to a third-party solution for session store: Alachisoft's NCache
    > product. It's not cheap, but it solved the http/https problem completely.
    >
    > Tom Dacon
    >
    >
    >
    >
    > .
    >
     
    TS, Jan 18, 2010
    #3
  4. TS

    Tom Dacon Guest

    Re: Sporadically losing session state when redirecting from http t

    "TS" <> wrote in message
    news:...
    > Hello Tom:
    >
    > Thank you for your response. Before using Alachisoft's NCache did you try
    > using State server or SQL server session state modes or you just tried
    > InProc
    > and went directly this third party product? I am using InProc right now
    > and
    > haven't tried any other mode.
    >
    > Also, any thoughts or why this is happening in the first place? It
    > shouldn't even with InProc.
    >


    Well, we were trying to avoid single points of failure, so that ruled out
    the state server. We frankly didn't pursue SQL Server because our SQL Server
    situation is pretty loaded up and we couldn't afford to put any more SQL
    Servers online. You can set up NCache as a session store server in a variety
    of ways. The way we chose was to have it running on each of the LB app
    servers, sharing state among themselves in a peer configuration. That way if
    one of the load-balanced app servers happens to go down, the two remaining
    servers (in our configuration) continue to share what is then a two-way peer
    configuration for session store. You can also set it up with the session
    state servers running in their own load-balanced cluster if you're ambitious
    and have servers coming out of your ears. But either way, we avoided a
    single point of failure for session store.

    The thing with NCache, session store information is held exclusively in
    memory and doesn't spill over to any persistent medium, so you have to be
    careful about how much state information you're keeping in the Session
    object. Fortunately for us this is no problem, which it otherwise would be
    because it's running right on the app servers themselves.

    I'm sorry I can't shed any real light on why the problem is actually
    happening, since I'm far from an expert on IIS.

    The Alachisoft folks have some white papers on their site that you might be
    interested in: www.alachisoft.com

    HTH,
    Tom
     
    Tom Dacon, Jan 19, 2010
    #4
  5. TS

    TS Guest

    Re: Sporadically losing session state when redirecting from http t

    Thank you so much Tom, I appreciate you taking the time to respond and
    providing such a detailed answer.
    While I see that your approach might solve my problem based on your own
    results, I am hesitant to pay for a third party solution and even to move
    from session state mode InProc to State Server or SQL Server. I would like to
    see what’s really going on here, where is the failure happening and why this
    is only an issue for less than 1% of my users. I am out of ideas about why
    this is happening and would like to hear opinions on what could be root cause
    of this issue.


    "Tom Dacon" wrote:

    >
    > "TS" <> wrote in message
    > news:...
    > > Hello Tom:
    > >
    > > Thank you for your response. Before using Alachisoft's NCache did you try
    > > using State server or SQL server session state modes or you just tried
    > > InProc
    > > and went directly this third party product? I am using InProc right now
    > > and
    > > haven't tried any other mode.
    > >
    > > Also, any thoughts or why this is happening in the first place? It
    > > shouldn't even with InProc.
    > >

    >
    > Well, we were trying to avoid single points of failure, so that ruled out
    > the state server. We frankly didn't pursue SQL Server because our SQL Server
    > situation is pretty loaded up and we couldn't afford to put any more SQL
    > Servers online. You can set up NCache as a session store server in a variety
    > of ways. The way we chose was to have it running on each of the LB app
    > servers, sharing state among themselves in a peer configuration. That way if
    > one of the load-balanced app servers happens to go down, the two remaining
    > servers (in our configuration) continue to share what is then a two-way peer
    > configuration for session store. You can also set it up with the session
    > state servers running in their own load-balanced cluster if you're ambitious
    > and have servers coming out of your ears. But either way, we avoided a
    > single point of failure for session store.
    >
    > The thing with NCache, session store information is held exclusively in
    > memory and doesn't spill over to any persistent medium, so you have to be
    > careful about how much state information you're keeping in the Session
    > object. Fortunately for us this is no problem, which it otherwise would be
    > because it's running right on the app servers themselves.
    >
    > I'm sorry I can't shed any real light on why the problem is actually
    > happening, since I'm far from an expert on IIS.
    >
    > The Alachisoft folks have some white papers on their site that you might be
    > interested in: www.alachisoft.com
    >
    > HTH,
    > Tom
    >
    >
    >
    > .
    >
     
    TS, Jan 19, 2010
    #5
  6. TS

    Tom Dacon Guest

    Re: Sporadically losing session state when redirecting from http t

    "TS" <> wrote in message
    news:...
    > Thank you so much Tom, I appreciate you taking the time to respond and
    > providing such a detailed answer.
    > While I see that your approach might solve my problem based on your own
    > results, I am hesitant to pay for a third party solution and even to move
    > from session state mode InProc to State Server or SQL Server. I would like
    > to
    > see what's really going on here, where is the failure happening and why
    > this
    > is only an issue for less than 1% of my users. I am out of ideas about why
    > this is happening and would like to hear opinions on what could be root
    > cause
    > of this issue.


    I know what you mean - this is an expensive solution for a problem that
    shouldn't be a problem. If you make any progress on finding out the root
    cause of the problem, please post to the newsgroup. We've got plenty of
    other uses for the money we're spending on this solution.

    For what it's worth, we have an unconfirmed opinion that the problem is that
    the stickiness of the session just gets lost in the shift between http and
    https, and if the user happens to come back on a different server in the lb
    cluster his Session object is nowhere to be found on that machine. A factor
    could be the particular lb strategy you're using and the busy-ness of the
    server cluster.If this supposition is correct, perhaps 99% of your users
    conveniently land on the same server after the switch, and just a few land
    elsewhere. But all that of course just describes the symptoms, rather than
    addressing the underlying cause.

    Thanks and good luck,
    Tom Dacon
     
    Tom Dacon, Jan 19, 2010
    #6
  7. TS

    James Guest

    "TS" <> wrote in message
    news:...
    > Hello:
    >
    > I have an issue with an ecommerce website that is losing session for
    > some
    > users. The session data is being lost when the user is redirected from
    > http
    > to https.
    >
    > What is really puzzling me here is that the issue only happens for a
    > small
    > percentage of users. About 4 or 5 five users has experienced the problem.
    > The
    > rest of the 250+ users didn’t have any problems placing orders using the
    > website. The users with the problem are not connected in any way; they all
    > are in different places with different systems.
    >
    > I’ve tried logging in as the problem users and placing orders on their
    > behalf and everything has worked fine for me. Any advice here on what to
    > do
    > to troubleshoot and what can be causing this issue is greatly appreciated.
    >
    > The application is developed in ASP.Net 3.5 and is running in IIS 6.0
    >
    > Thanks a lot,
    > TS
    >


    Why not force the application to run totally in https mode? You can do this
    in Application_Start() event.
     
    James, Jan 20, 2010
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Werner

    Losing Session State

    Werner, Feb 20, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    625
    Alvin Bruney [MVP]
    Mar 2, 2004
  2. Vinay Joseph Mathew

    Losing Session State on a State Server

    Vinay Joseph Mathew, Aug 10, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    601
    =?Utf-8?B?c29ubnk=?=
    Sep 16, 2004
  3. =?Utf-8?B?U2FuZHk=?=

    Session State - lost sporadically and frequently

    =?Utf-8?B?U2FuZHk=?=, Aug 5, 2005, in forum: ASP .Net
    Replies:
    4
    Views:
    485
    =?Utf-8?B?UGF1bCBI?=
    Aug 26, 2005
  4. =?Utf-8?B?cHJhZGVlcF9UUA==?=

    Automatic Session timeout - sporadically

    =?Utf-8?B?cHJhZGVlcF9UUA==?=, Sep 29, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    2,286
    bercinn
    Feb 3, 2006
  5. Jason C
    Replies:
    4
    Views:
    688
    Morty Abzug
    Jun 26, 2012
Loading...

Share This Page