locked
Moving website from local pc to server-session state isn't preserved when running on server RRS feed

  • Question

  • User-1753546938 posted

    I'll start with a little information. The application was written in .net 1.1 by another company and they decided they were not going to support it any more so we got the code. I converted the application to .net 3.5 and got everything working and added some new functionality on my local box. Everything worked fine on my local box. I then uploaded my changes to the developer server and this is where my problems started. I have used iis (server uses iis6) very little so I had to change somethings to get it working. First I had to set the target framework in iis for the application to 2.0 from 1.1. At that point nothing was showing up and I found out I had to allow .net 2.0. The website then showed up at this point.

    Ok, so here is my problem. After I login and select another page, I am then redirected back to the login page. None of the session state variables are set any more. I never seen this problem when I ran it in VS2008. I'm completely lost here.

    Here is where they do authentication:

    Public Function IsValidUserName(ByVal strUserName As String, ByVal strPassword As String) As Boolean 
            Dim blnRetVal As Boolean 
            Dim oPersonnel As OE.SafetyImpact.DomainObjects.Core.Personnel 
            Dim oSite As OE.SafetyImpact.DomainObjects.Core.Site 
            Dim oCn As SqlConnection = Nothing 
            Dim connectionString As String 
            Try 
                connectionString = CommonMethods.GetConnectionString() 
                oCn = New SqlConnection(connectionString) 
                oCn.Open() 
     
                oPersonnel = PersonnelDAO.ReturnByUserNameAndPassword(oCn, strUserName, strPassword) 
                If Not oPersonnel Is Nothing Then 
                    With oPersonnel 
                        'populate login variables and redirect 
                        Session("PersonnelID") = .PersonnelID 
                        Session("UserName") = .FirstName & " " & .LastName 
                        If Session("UserName") = " " Then 
                            Session("UserName") = "N/A" 
                        End If 
                        Session("SiteFK") = .SiteFK 
                        Session("UserRights") = .UserRights 
                        'Session("DepartmentFK") = .DepartmentFK 
     
                        oSite = SiteDAO.ReturnOneById(oCn, CommonMethods.NullToDouble(Session("SiteFK"), 0)) 
                        If Not oSite Is Nothing Then 
                            Session("SiteLogo") = oSite.SiteLogo 
                        End If 
     
                        blnRetVal = True 
                    End With 
                End If 
     
                Return blnRetVal 
     
            Catch ex As Exception 
                CommonMethods.LogException("Index.IsValidUserName", ex) 
                Return False 
            Finally 
                CommonMethods.DisposeSqlConnection(oCn) 
            End Try 
        End Function 
    End Class

    And this is called on all pages:

       Public Sub ValidateLogin() 
            If Session.Item("PersonnelID") Is Nothing Then 
                Response.Redirect("index.aspx") 
            ElseIf CType(Session.Item("PersonnelID"), String) = "" Then 
                Response.Redirect("index.aspx") 
            End If 
        End Sub.
    

    Here is where sessionstate is set in the web.config file:

     

        <sessionState 
                mode="InProc"
                stateConnectionString="tcpip=127.0.0.1:42424"
                sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
                cookieless="false" 
                timeout="20" 
        />

     

    As I said, I haven't done much with IIS or server stuff. Is there a setting or some setup problem?

    Monday, May 2, 2011 11:27 AM

Answers

  • User-29804325 posted

    Hi,

    Use HTTP post method, it will get the key-value pair in page like (name:joe, age:20) and after encoding, it will passed them in http body to the action url.

    We can retrieve them in action url page by using Request.Form[param]. I notice that you said that after logging, your application will redirect user to main.aspx page.

    <form id="frmLogin" name="frmLogin" method="post" runat="server" action="index.aspx">

    And then main.aspx use post method to post to index.aspx again. Is it right? If it is, the code you provide in index.aspx above:

     

     if not Page.IsPostBack Then
               Session("PersonnelID") = ""
               Session("UserName") = ""
               Session("SiteFK") = ""
               Session("UserRights") = ""
               Session("DepartmentFK") = ""
               Session("SiteLogo") = ""
    
               Session("currentcmtab") = ""
               Session("strsql") = ""
               Session("strsq2l") = ""
               Session("totalcount") = ""
               Session("norecords") = ""
               Session("currentindex") = ""
            End If
    
    

    will execute. Which will reset all session to empty.

    And if you do send data to another page what is the point? Like if I submit data to index.aspx but redirect to another page after the user clicks submit

    http post will execute first. So the server code Response.Redirect will not execute.

    Hope this can help you.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, May 8, 2011 10:49 PM

All replies

  • User1483970546 posted

    Hi,

    In the posted code  Session("PersonnelID") = .PersonnelID is commented out. Have you debug the code and verify that this link is executing ?


    Also, if you want to use InProc session state then why are you setting State and SQL connection string? You can use following simple settings,

      <sessionState mode="InProc" >  </sessionState>

    Thanks

    -Akhtar

    Monday, May 2, 2011 4:06 PM
  • User-1753546938 posted

    The following code isn't commented out. I'm not sure why the forums commented it out.

                        Session("PersonnelID") = .PersonnelID
                        Session("UserName") = .FirstName & " " & .LastName
                        If Session("UserName") = " " Then
                            Session("UserName") = "N/A"
                        End If
                        Session("SiteFK") = .SiteFK
                        Session("UserRights") = .UserRights

    As for the config, I didn't write that. It is how it was coded from the other company. So I can remove the connection string? Any other ideas?

    Monday, May 2, 2011 4:54 PM
  • User1483970546 posted

    Hi,

    Yeah, try to remove the connecting and see if it works fine?

    If it is still not working then It seems that session is expiring for each request. You can confirm it by handling the Session_End event in Global.asax and set the break point there to see if session is expiring for each request. If it is the case then please see this thread http://forums.asp.net/t/897167.aspx/1/10 to know the different reasons for automatically session expiring.

    Thanks

    -Akhtar

     

    Tuesday, May 3, 2011 3:15 PM
  • User-1753546938 posted

    Hi,

    I removed the connection string and nothing changed. I also looked at the post and nothing there helped. :( I replaced all my changes with the old .dlls and aspx pages on the server and changed the application back to 1.1 and it works fine. I am not sure why my changes are effecting the session. I haven't done anything other then add some listboxes and a page or two. Is there anything I need to do special when converting from 1.1 to 3.5?

     

    Wednesday, May 4, 2011 8:05 PM
  • User-29804325 posted

    Hi,

    I think first you need to make sure you have deployed all your newest dll to server. Especially the dll that contain validation logic code.

    And then check if the session has been disabled on IIS 6.

    http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/042a5242-f5b0-4fe0-b614-18eded88ab7c.mspx?mfr=true

    Set the default session timeout in configuration file.

    <configuration>
      <system.web>
         <sessionState timeout="20"></sessionState>
      </system.web>
    </configuration>

    Or check if cookie was disabled in client browser.

    Also, I suggest you to create a new page in your project and add this code in page_load:

    Response.Write(Session.SessionID);

    Open browser and visit this page and press F5 to refresh the sessionid to see if it changed.

    Sometimes, if you have a global.asax file. To comment or remove the event method  "Session_Start", "Session_End" will solve the problem. You can have a try.

    Hope this can help you.

    Thursday, May 5, 2011 2:39 AM
  • User-1753546938 posted

    I think I found the problem. I found this http://weblogs.asp.net/scottgu/archive/2005/12/14/433194.aspx blog about logging application shutdowns and I get the following message in the event log:

    Event Type: Information
    Event Source: ASP.NET 2.0.50727.0
    Event Category: Web Event
    Event ID: 1305
    Date:  5/5/2011
    Time:  9:11:44 AM
    User:  N/A
    Computer: 

    Description:
    Event code: 1002 
    Event message: Application is shutting down.
    Reason: A subdirectory in the Bin application directory was changed or renamed. 
    Event time: 5/5/2011 9:11:44 AM  Event time (UTC): 5/5/2011 4:11:44 PM 
    Event ID: e0eae2614eba4ac1a06262ceaa0b7f7d 
    Event sequence: 74  Event occurrence: 1 
    Event detail code: 50007   

    Application information:     
    Application domain: /LM/W3SVC/1/Root/SafetyImpact-1-129490847148429064     
    Trust level: Full     
    Application Virtual Path: /SafetyImpact     
    Application Path: C:\Inetpubftl\wwwroot\SafetyImpact\     
    Machine name:    

    Process information:     
    Process ID: 9896     
    Process name: w3wp.exe     
    Account name: NT AUTHORITY\NETWORK SERVICE   

    Custom event details:

     

    So how can I go about tracking down what is changing/renaming the subdirectory in the Bin?

    Edit: I spoke to soon. It restarted because I had just upload my changes to the server. Is there any error or messages I can capture in the session_end method that maybe helpful?

    Thursday, May 5, 2011 12:22 PM
  • User-1753546938 posted

    Ok I found the problem. But really don't understand why it was working when I ran it in VS.

    In Index.aspx in the Page_Load method they had:

     

        Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
            'Put user code to initialize the page here
            LoadHeader(Me.PlaceholderHeader, True)
            CommonMethods.SetFocus(Me.txtLoginID)
    
            if not Page.IsPostBack Then
               Session("PersonnelID") = ""
               Session("UserName") = ""
               Session("SiteFK") = ""
               Session("UserRights") = ""
               Session("DepartmentFK") = ""
               Session("SiteLogo") = ""
    
               Session("currentcmtab") = ""
               Session("strsql") = ""
               Session("strsq2l") = ""
               Session("totalcount") = ""
               Session("norecords") = ""
               Session("currentindex") = ""
            End If
    
        End Sub

     

    Then in main.aspx the page that is redirected to after logging in on the index page there is this in the .aspx file:

     

    <form id="frmLogin" name="frmLogin" method="post" runat="server" action="index.aspx">

    Which I really don't understand. I though action was used to send form-data to a page? Correct? Why would you use this if there is no data to submit? Only thing on the main page is links to other pages. Is there other data sent when you use "action" in a form tag? Also, as a side question how does action work? If I have textboxes and a submit button, how is the data retrieved on the page action is pointing to? And if you do send data to another page what is the point? Like if I submit data to index.aspx but redirect to another page after the user clicks submit.

    Maybe someone knows why the code in index's page_load would work on the server running in 1.1 and work on my local box running in 2.0 but not on a server running 2.0.

    Friday, May 6, 2011 1:59 PM
  • User-29804325 posted

    Hi,

    Use HTTP post method, it will get the key-value pair in page like (name:joe, age:20) and after encoding, it will passed them in http body to the action url.

    We can retrieve them in action url page by using Request.Form[param]. I notice that you said that after logging, your application will redirect user to main.aspx page.

    <form id="frmLogin" name="frmLogin" method="post" runat="server" action="index.aspx">

    And then main.aspx use post method to post to index.aspx again. Is it right? If it is, the code you provide in index.aspx above:

     

     if not Page.IsPostBack Then
               Session("PersonnelID") = ""
               Session("UserName") = ""
               Session("SiteFK") = ""
               Session("UserRights") = ""
               Session("DepartmentFK") = ""
               Session("SiteLogo") = ""
    
               Session("currentcmtab") = ""
               Session("strsql") = ""
               Session("strsq2l") = ""
               Session("totalcount") = ""
               Session("norecords") = ""
               Session("currentindex") = ""
            End If
    
    

    will execute. Which will reset all session to empty.

    And if you do send data to another page what is the point? Like if I submit data to index.aspx but redirect to another page after the user clicks submit

    http post will execute first. So the server code Response.Redirect will not execute.

    Hope this can help you.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, May 8, 2011 10:49 PM