locked
Session is being abandoned RRS feed

  • Question

  • User-243787542 posted

    Hello every one. 

    I have an asp.net c# web application running on a server, My application keeps sending me to the login page even after 1 minute, My server provider say nothing is wrong on the server configurations, I have defined my web.config file as below: 

    <?xml version="1.0"?>
    
    <!--
      For more information on how to configure your ASP.NET application, please visit
      http://go.microsoft.com/fwlink/?LinkId=169433
      -->
    
    <configuration>
      
      <connectionStrings>
        <add name="myConnectionString" connectionString="Data Source=123.123.123.123;User ID=myUserID;Password=myPassword;"/>
      </connectionStrings>
        
      <system.web>
        <sessionState timeout="30"></sessionState>
        
        <compilation debug="true" targetFramework="4.5" defaultLanguage="c#">
            <assemblies>
              <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
              <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
              <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
              <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
            </assemblies>
          </compilation>
          <httpRuntime targetFramework="4.5" />
          <httpHandlers>
            <add verb="GET" path="CaptchaImage.axd" type="MSCaptcha.CaptchaImageHandler, MSCaptcha"/>
          </httpHandlers>
    
        <machineKey
    validationKey="374A70A6EF0A2F8C1F821D125FCF6503DEA7E9CE467B433086B058D86FAB67338C3A37E580F29FF27E86D079CC9153E396ABF495821E84C7B7B1F42F4467F1CA"
    decryptionKey="C74E21EE5B3C592C62C1BC5E682ED3CC4BD389CCC3AEA317AE1772E0D6750141"
    validation="SHA1" decryption="AES"
    />
        
      </system.web>
    
      <system.webServer>
        <handlers>
          <add name="CaptchaImage" verb="GET" path="CaptchaImage.axd" type="MSCaptcha.CaptchaImageHandler, MSCaptcha"/>
        </handlers>
        <validation validateIntegratedModeConfiguration="false"/>
        <httpErrors errorMode="Custom">
          <remove statusCode="404"/>
          <error statusCode="404" path="~/pr/http404.aspx" responseMode="ExecuteURL"/>
        </httpErrors>
      </system.webServer>  
    </configuration>
    

    In my .aspx file I have the below code to check the session

    protected void Page_Load(object sender, EventArgs e)
        {
            try
            {
                if (Session["user"] == null || userRole() != "Admin")
                    Response.Redirect("../Default.aspx", false);
                else
                {
                    if(!IsPostBack)
                    {
                        // some code here...
                    }
                }
            }
            catch(Exception ex)
            {
                litAlert.Text = "<div class='alert alert-danger' role='alert'><div><span><strong>An error has occured. Please try again</strong></span ></div></div>";
            }
        }

    Can any one please tell me what am I doing wrong here. ?

    Thursday, May 18, 2017 9:37 PM

All replies

  • User-271186128 posted

    Hi plazzasele,

    It seems that your session is lost.
    According to your config file. Your session mode in In-Process Mode.
    It could be lost by many reasons, such as AppDomain or AppPool recycle, update web.config.
    So I suggest you to use SQL Server Mode.
    You could refer to below links for a tutorial of SQL Server Mode:
    https://msdn.microsoft.com/en-us/library/ms178586.aspx
    https://support.microsoft.com/en-us/help/311209/how-to-configure-asp.net-for-persistent-sql-server-session-state-management

    Best regards,
    Dillion

    Friday, May 19, 2017 5:43 AM
  • User-1735498107 posted

    1. check whether the session cookie is sent to the server(use fiddler or developer tool of the browser)

    2. check if your application restarts. By default asp.net uses inMemory sessionstate provider, if the app restarts, all the session data will be lost.

    BTW, DO NOT paste the credential in the web.config. It's NOT safe.

    Friday, May 19, 2017 5:23 PM
  • User-243787542 posted

    @terryfjh

    what you mean by DO NOT paste the credential in the web.config. It's NOT safe. ??? 

    you mean the connectionString.. ? if not saving it in the web.config then where to save it ?

    Saturday, May 20, 2017 4:07 AM
  • User475983607 posted

    You should not use Session for user authentication and authorization.  It is considered a bad practice.  Rather you should use one of the built in ASP authentication frameworks or simply an authentication cookie.  Then you can use configuration to restrict access to application resources.

    https://msdn.microsoft.com/en-us/library/xdt4thhy.aspx

    Also see the the security tutorials in the Learn link above for the latest security APIs.

    https://www.asp.net/web-forms/overview/security

    Saturday, May 20, 2017 5:23 PM
  • User-1735498107 posted

    I mean don't paste it on the Forums.

    Tuesday, May 23, 2017 3:44 PM
  • User753101303 posted

    Hi,

    Are you 100% sure session["user"] is null? Or could it be that userRole doesn't return "Admin" (maybe "admin" ?) Try  https://docs.microsoft.com/en-us/visualstudio/debugger/debugger-feature-tour

    When  debugging try to start from which error message or check how your code behaves to see what actually happens and then fix that rather than looking at your code and wondering how it could fail.

    As pointed by others you have authentication options out of the box and it would be better to just use them.

    Tuesday, May 23, 2017 5:06 PM
  • User-243787542 posted

    @PatricsSc.

    I use the same code on another server, it is working without any problems. I have contacted the server provider and they told me that they clear the memory every minute. It is their policy.

    So I have to use the server mode or as you and other has suggested to use other options. (I need to learn and find a good tutorial for that - Any suggestions.. ?)

    Any way, thank you all for your valuable help.

    Monday, June 5, 2017 12:37 PM
  • User475983607 posted

    So I have to use the server mode or as you and other has suggested to use other options. (I need to learn and find a good tutorial for that - Any suggestions.. ?)

    Follow the links in my previous post.

    Monday, June 5, 2017 12:53 PM