User475983607 posted
So back to my question: When someone is logged in using Windows Identity on an Intranet is there a way to recover from data loss caused by a session timeout?
Session and
ViewState are two very different ASP framework features. ViewState is page level persistence while Session is server side.
If you are truly saving data in Session and you need to persist the data indefinitely, consider using a Session Server like SQL server. SQL Server will store the Session data forever. Whereas the default InProc ASP Session configuration stores data
in server memory. A timeout is required clear up Sessions otherwise the server would eventually run out of memory.
The MAC error is due to a machine key mismatch. Basically, the machine key used to encrypt ViewState is not the same key used to decrypt ViewState.
The machine key is generated when the application starts and by default it is set to auto generate. A machine key mismatch can be due to the application restarting unexpectedly or the application is load balanced and the user ended up on a different
server with a different machine key. An easy fix is to explicitly set the machine key on every server that hosts the application. More information can be found on MSDN.
https://support.microsoft.com/en-us/kb/2915218
Other than the above, maintaining the state of the user is up to the application design. Personally, Session is dirty word and I stay away from Session simply because it makes the code much more complex - but that's my opinion. If I have a multi
step form, I tend to save the sections of the form in a table or tables as the user completes each section. If the user walks away from the computer then only unsubmitted data is in jeopardy.
If the form is one page then the task is a bit more tedious but you can use
AJAX to save the state from time to time.