Session ending prematurely?

[TheDust]

I am having a curious problem... I have a large extranet in which the user first logs in with userName and password. Every page checks to see if the user's logged in, and if not, it kicks them back to the login screen. Once logged in, every page authenticates fine, but every once in a while, at seemingly random times, it kicks the user back to the login screen for some unknown reason.

I am setting 2 Session variables- one called "IsLoggedIn", which is either the string "true" or the string "false". Another is the user's name, simply called "userName". In my global.asax file, I define the Session variables like so:

void Session_OnStart() {
  Session["userName"] = "";
  Session["isLoggedIn"] = "false";
}
	
void Session_OnEnd() {
  Session["userName"] = "";
  Session["isLoggedIn"] = "false";
}

On every page I check if the user is logged in like so:

if (Convert.ToString(Session["isLoggedIn"]) != "true") {
  Response.Redirect("index.aspx");
}

Does anyone know what could be changing Session["isLoggedIn"] to something other than "true" at strange times? It seems to happen more often when running an update query of some type, but I've had it happen other times... any help is appreciated... thanks!

 

[Custom24]

This is just a guess, but it could be something to do with your web.config setting for SessionState mode. If this is set to "InProc", which is the default for a web app created with VS.net, then I've heard of people having problems. The ASP.net process gets recycled from time to time, and you lose all your session variables. (This seems to happen for no reason at all sometimes, but other times it happens when there is an error, like a never ending loop or something)

You can set this to "StateServer" and accept the default stateConnectionString, to see if this makes any difference. Then, another process manages the state, which is slower, but more robust.

Things are slightly more complicated if the app is running on a web farm or web garden. Then, you should not be using InProc anyway.

Hope this is of some use.


Mark

 

[TheDust]

Cool... can I do this from within the application's web.config file, or do I have to customize the machine's web.config file? Because I get a runtime error when I try to set the sessionstate to "stateserver"... this is my web.config file:

<configuration>
  <system.web>
    <customErrors mode=&quot;Off&quot; />
  </system.web>
  <sessionstate 
    mode=&quot;stateserver&quot;
  />
</configuration>

It is saying the error cannot be viewed, as if customErrors were not already set to "off". I have this web.config file in the same root directory as all other pages in the application... any idea what to do?

 

[Custom24]

You should be able to do it in web.config - I've just tried it and it works. I had to manually start the ASP.net state service and change it to run under the LocalSystem account (you may not have to do that).

Are you using VS.net? Are you debugging on the local machine? If you are not debugging on the local (ie the web server), then you need to change the web.config entry for customErrors to "RemoteOnly". See thread855-545626.



Mark