Sharing ASP.NET State Service sessions between IIS7.5 and 8.0 doesn't work

Question

User153231335 posted

I've got a web farm consisting of 5 Server 2008R2 machines running IIS 7.5. All of them share session state using a single, separate, server running the ASP.NET State Service (this one also runs 2008 R2). Everything is working wonderfully.

However, I've now added a sixth server, this one running 2012/IIS 8.0. For the life of me, I can't get this server to share session state with the other servers.

The machineKey configuration is the exact same (anonymized):

<machineKey validationKey="XYZ" decryptionKey="ZYX" validation="SHA1" />

The application ID is the exact same across all servers (we run multiple websites, but all have the ID created programmatically, config is identical, verified at runtime as well):

/LM/W3SVC/10351/ROOT 

All sites also have the same AppPath, also verified at runtime:

D:\SomeSite\SomApp\ 

The session configuration is the exact same as well:

<sessionState mode="StateServer" partitionResolverType="MyStateServerPartitionResolver" stateNetworkTimeout="30" timeout="20" /> 

The MyStateServerPartitionResolver class is very simply, just abstracting the fact that we load the connection string through our own configuration (connectionString value is identical on all servers, also verified):

public class MyStateServerPartitionResolver : IPartitionResolver
{
    private string connectionString;

    public void Initialize()
    {
        connectionString = ConfigSettings.StateServerConnectionString;
    }
 
    public string ResolvePartition(object key) { return connectionString; }
} 

All sites run on .NET 4.0 and the application pool configuration is the exact same as well.

The only difference I can narrow it down to is the fact that the working servers are all running IIS 7.5 while the non-working one is running IIS 8.0. However, I'd expect this to be a supported scenario as it's hard to do a rolling upgrade otherwise.

Any suggestions on what I can do to debug this? Or any documentation confirmation that IIS 7.5 & 8.0 can't share session state?

Answer 1

User690216013 posted

I did not see into the problem further, but one fact that might lead to the difference is that Windows Server 2012 in fact uses .NET 4.5, not .NET 4. If you can do more testing, you might test out this case,

• One Windows Server 2012.
• One Windows Server 2008 R2 with .NET 4.5 installed.

Then check if the two can share the sessions correctly.

Answer 2

User1030553310 posted

Hi Mark,

I suggest you to use native .net sessionState stored in sqlserver. By using the same machine key and making a small tweak to a stored procedure – both servers can share any session keys and/or forms authenication.

Both servers would do something like this in  there web.config:

<sessionState mode="SQLServer" sqlConnectionString="Data Source=IP\SQLEXPRESS;User Id=test;Password=test;Application Name=AppName"  />
    <machineKey
validationKey="SOMEKEY"
validation="SHA1" decryption="AES"
/>

More information please refer to:
http://msdn.microsoft.com/en-us/library/ms229862(VS.80).aspx

Hope it can help you.

Best Regards,
Terry Guo

Answer 3

User153231335 posted

I did not see into the problem further, but one fact that might lead to the difference is that Windows Server 2012 in fact uses .NET 4.5, not .NET 4. If you can do more testing, you might test out this case,

• One Windows Server 2012.
• One Windows Server 2008 R2 with .NET 4.5 installed.

Then check if the two can share the sessions correctly.

Of course! Why I did not consider this, I do not know. We were running fully updated 4.0 on the 2008 R2's but, as you correctly mention, 2012 comes with 4.5 natively and thus uses that while IIS lists 4.0 as being the active version.

Upgrading the 2008 R2's to 4.5 seems to solve the issue. Thank you!

- Mark

Answer 4

User153231335 posted

I suggest you to use native .net sessionState stored in sqlserver. By using the same machine key and making a small tweak to a stored procedure – both servers can share any session keys and/or forms authenication.
Both servers would do something like this in  there web.config:
<sessionState mode="SQLServer" sqlConnectionString="Data Source=IP\SQLEXPRESS;User Id=test;Password=test;Application Name=AppName"  />
    <machineKey
validationKey="SOMEKEY"
validation="SHA1" decryption="AES"
/>

More information please refer to:
http://msdn.microsoft.com/en-us/library/ms229862(VS.80).aspx

I'm afraid we can't store session state in the database. The increased load would kill the database. Furthermore I'd much prefer not to have to hack the native procedures, even though it's a well known hack.

However, it seems Lex's answer provided the answer, so we'll be able to continue running on the state server. Thanks!

- Mark