Session Timeout Recovery Windows Identity

Question

User-135749131 posted

When someone is logged in using Windows Identity on an Intranet is there a way to recover from data loss caused by a session timeout?   The user has typed in all of this data and then gets interrupted and the interruption goes past the session timeout time frame of 20 minutes. All of the data is in the browser that was typed in.   The data is or will be related to a new or existing row of data in a database.   I am able to check the rowid value of an existing row that was used as a model for the data entered which is in the viewstate to see if it is null to know that the session has timed out.

One of the other form fields on the browser screen is a unique column value which would allow for the ID of an existing row in the table or knowledge that the row is new and would need to be added. 

The error coming back at first was that the viewstate variable value is null.   Then when I have the code attempt to go to the db and decide whether or not the row exists or not and save the data I get a viewstate MAC errror.

I just need to be able to establish say a new session or recover the existing session if possible and use the data posted back from the browser.   This is not a forms login.   The user does not need to login since the windows identification automatically comes from the domain login when the user goes to the web site in the first place.

So back to my question: When someone is logged in using Windows Identity on an Intranet is there a way to recover from data loss caused by a session timeout?

Thanks! 

Answer 1

User475983607 posted

So back to my question: When someone is logged in using Windows Identity on an Intranet is there a way to recover from data loss caused by a session timeout?

Session and ViewState are two very different ASP framework features.  ViewState is page level persistence while Session is server side.  

If you are truly saving data in Session and you need to persist the data indefinitely, consider using a Session Server like SQL server.  SQL Server will store the Session data forever. Whereas the default InProc ASP Session configuration stores data in server memory.  A timeout is required clear up Sessions otherwise the server would eventually run out of memory.

The MAC error is due to a machine key mismatch.  Basically, the machine key used to encrypt ViewState is not the same key used to decrypt ViewState.  

The machine key is generated when the application starts and by default it is set to auto generate.  A machine key mismatch can be due to the application restarting unexpectedly or the application is load balanced and the user ended up on a different server with a different machine key.  An easy fix is to explicitly set the machine key on every server that hosts the application.  More information can be found on MSDN.

https://support.microsoft.com/en-us/kb/2915218

Other than the above, maintaining the state of the user is up to the application design.  Personally, Session is dirty word and I stay away from Session simply because it makes the code much more complex - but that's my opinion.  If I have a multi step form, I tend to save the sections of the form in a table or tables as the user completes each section.  If the user walks away from the computer then only unsubmitted data is in jeopardy.

If the form is one page then the task is a bit more tedious but you can use AJAX to save the state from time to time.  

 

Answer 2

User-135749131 posted

Thanks for the input.   Looks like a decent idea.   Will work to try out.