Session Timeout

[trullock]

Hi,

I want to test some session timeout code ive written but im getting a
few problems.

I want to reduce the session timeout to 1min so i dont have to wait
around for 20 min to see if my code is working. Quite simply, how do i
do this?

I want the session to behave exactly as it does normally (is that
InProc mode?)

After reading a lot, i think i need something like the below. When i
stick this in the webconfig:

<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" cookieless="false"
timeout="1"/>

I get a new session on every request. If i set cookieless to true then
it works as i'd expect, but my code is checking for the cookie so
thats no good to me.

If i use mode = sessionstate then i still get a new session on every
request.
Starting the asp.net session state service makes no difference

Am I missing something?

Thanks

Andrew

 

[Scott Roberts]

Hi,

I want to test some session timeout code ive written but im getting a
few problems.

I want to reduce the session timeout to 1min so i dont have to wait
around for 20 min to see if my code is working. Quite simply, how do i
do this?

I want the session to behave exactly as it does normally (is that
InProc mode?)

After reading a lot, i think i need something like the below. When i
stick this in the webconfig:

<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" cookieless="false"
timeout="1"/>

I get a new session on every request. If i set cookieless to true then
it works as i'd expect, but my code is checking for the cookie so
thats no good to me.

If i use mode = sessionstate then i still get a new session on every
request.
Starting the asp.net session state service makes no difference

Am I missing something?

Thanks

Andrew

Are you actually putting anything into the session? I don't think IIS keeps
the session *at all* if it's not used (there might be a setting for that).
Just put something, anything, in there to make IIS keep the session alive.

Also, are you sure the timeout value is specified in minutes? I don't recall
off the top of my head.

 

[Peter Bromberg [C# MVP]]

It's not "IIS" - its ASP.NET that handles the ASP.NET Session. And yes, if
you do not actually create a Session Item, then there is no real "Session" to
speak of.
-- Peter
Site: http://www.eggheadcafe.com
UnBlog: htp://petesbloggerama.blogspot.com
Short Urls & more: http://ittyurl.net

 

[Scott Roberts]

Peter is correct, of course.

Interestingly, I had this kind of trouble a few years ago with a 1.1 web
site. I was using the Session.SessionID to track data entry through an
online order form, but all data was stored/retrieved to/from a database on
each page request instead of using a session variable. During development
everything worked fine (the SessionID was the same on each page request).
Once the application was deployed things went very wrong since the SessionID
was different for each page request. That led me to believe there was a
difference between various web servers (specifically Cassini and IIS).
However, I just tried it with Cassini and it gave me a different SessionID
every time. Regardless, stuffing something into the session always makes it
"work".

 

[adda]

Hey Andrew,

You can declare a timeout value within the Session_Start
global.asax event, i.e. Session.Timeout = [ValueInMinutes] or
alternatively set the timeout property in the session state web.config
parameter.

Session management is managed through the processing of a Session cookie
on your machine, and on every postback to the server, and the browser
will embed the cookie information. ASP.NET will process that cookie
information, matching the ASP_SessionID key, which is embedded, against
the key that resides either in the InProc(ess), StateServer, or SQL
state server. If the key matches up, and it hasn't expired, i.e. Session
timeout, then the session continues. Alternatively, if cookies are
disabled, and the session management is cookieless, the ASP_SessionID is
placed in POST back URL to your server, in the <FORM tag.

However, if the cookie isn't being sent (Browsers can have cookies
disabled), then ASP.NET will continuously recreate a new session. I've
read somewhere that Anti-Virus programs that touch the web.config also
cause the invalidation of session data. However I cant see how that
would happen personally, might be a cache dependancy set somewhere.
Perhaps somebody that knows could explain this?

Can I make a suggestion, to understand more about session, get a copy of
WireShark off the web, it's a packet sniffer allowing you to trap
packets of information following between your browser and the server.
It'll show you in the HTTP POST or GET packets whether there is a
reference to the ASP.NET cookie or not. Rather invaluable in
understanding, and debugging difficult AJAX calls etc.

I'm not sure if I've helped or not.

Cheers
Chris