Bizarre loss of Session variables

[Michael Carr]

I have an intermittent problem that occurs on a very small number of
browsers that access my website. The strange thing is this: my site works
perfectly for 99.9% of browsers. The behavior described below occurs for
0.1% of users, and so far I've only seen it on IE 6.0.

My ASP.NET website is set up like this:

1. Logon page - Collect username / password and verify against the DB. If
OK, store the UserID in Session["UserID"] and redirect to Main Page

2. Main page - If Session["UserID"] == null, redirect to Logon page,
otherwise display the page. Includes hyperlink to Second Page.

3. Second page - If Session["UserID"] == null, redirect to Logon page,
otherwise display the page.

Here is what happens in these very small number of cases -- the user can
authenticate on the logon page successfully and gets redirected to the Main
Page. However, upon clicking the link to go from the Main Page to the Second
Page, the Session loses the variable and Second Page redirects the user to
the Logon page.

To debug this problem, I added a display of the Session.SessionID + ":" +
Session["UserID"] variables at the bottom of the page. Here are the results:

Logon page... vmhgea20gz4azp550f203omh:
Main page... vmhgea20gz4azp550f203omh:24665
Second page... vmhgea20gz4azp550f203omh:

These results indicate that the SessionID is remaining constant throughout
the test, but that the Server is somehow losing the Session["UserID"]
between the Main Page and Second Page. This would seem to indicate that it
is a server issue, however, it only happens for 0.1% of visitors and with
those particular visitors it is a constant repeatable behavior. I have
instructed those users to delete their cached files and cookies and reboot,
but it didn't help. The users have all the Windows Updates in place.

Has anybody else seen this problem or know of its solution?

Thanks!!
Michael Carr

 

[Kevin Spencer]

Possibly due to Cookies being turned off in the client browser.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

 

[Shan]

I might not be close to the answer you expect but I have
heard of cases where asp.net applications restarts itself
automatically based on processConfig settings in
machine.config(deadlock handling or something), ALSO IIS 6
in Windows 2003 has a similar kind of functionality where
it can restart applications if its taking memory or
something...in these scenarios you will loose your
sessions...

Thanks,
-Shan

 

[Hermit Dave]

Kevin,

Dont think its the cookies.. cause he's got constant session id.. ie if
cookies are turned off on client browser every request would result a new
session (and a new session id)

Michael,

session used to be the most common place to store data... its still is but
with say forms authentication... it removes session from the picture.. and
you authenticate based on a ticket validity... i know its not worth a try
its its only 0.1% users but have a think... (store information in ticket and
you will be able to use HttpContext.Current.User.Identity.Name
plus you can application_authenticaterequest to check and load the values
from the ticket.. and can access it anywhere in your code..
not to forget setting up location elements with allow / deny roles / users
etc...

--
Regards,

HD

Possibly due to Cookies being turned off in the client browser.

--
HTH,
Kevin Spencer
.Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

I have an intermittent problem that occurs on a very small number of
browsers that access my website. The strange thing is this: my site works
perfectly for 99.9% of browsers. The behavior described below occurs for
0.1% of users, and so far I've only seen it on IE 6.0.

My ASP.NET website is set up like this:

1. Logon page - Collect username / password and verify against the DB. If
OK, store the UserID in Session["UserID"] and redirect to Main Page

2. Main page - If Session["UserID"] == null, redirect to Logon page,
otherwise display the page. Includes hyperlink to Second Page.

3. Second page - If Session["UserID"] == null, redirect to Logon page,
otherwise display the page.

Here is what happens in these very small number of cases -- the user can
authenticate on the logon page successfully and gets redirected to the Main
Page. However, upon clicking the link to go from the Main Page to the Second
Page, the Session loses the variable and Second Page redirects the user to
the Logon page.

To debug this problem, I added a display of the Session.SessionID + ":" +
Session["UserID"] variables at the bottom of the page. Here are the results:

Logon page... vmhgea20gz4azp550f203omh:
Main page... vmhgea20gz4azp550f203omh:24665
Second page... vmhgea20gz4azp550f203omh:

These results indicate that the SessionID is remaining constant throughout
the test, but that the Server is somehow losing the Session["UserID"]
between the Main Page and Second Page. This would seem to indicate that it
is a server issue, however, it only happens for 0.1% of visitors and with
those particular visitors it is a constant repeatable behavior. I have
instructed those users to delete their cached files and cookies and reboot,
but it didn't help. The users have all the Windows Updates in place.

Has anybody else seen this problem or know of its solution?

Thanks!!
Michael Carr

 

[Kevin Spencer]

Probably, but it might be worth checking out.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

 

[Hermit Dave]

Shan,

the worker process is restarted if the total memory consumed by it exceeds
60% of physical memory.
or depending upon the parameters set in the machine.config file

but if the application where to restart then the session id would be
diffent....

--
Regards,

HD

I might not be close to the answer you expect but I have
heard of cases where asp.net applications restarts itself
automatically based on processConfig settings in
machine.config(deadlock handling or something), ALSO IIS 6
in Windows 2003 has a similar kind of functionality where
it can restart applications if its taking memory or
something...in these scenarios you will loose your
sessions...

Thanks,
-Shan

-----Original Message-----
I have an intermittent problem that occurs on a very small number of
browsers that access my website. The strange thing is this: my site works
perfectly for 99.9% of browsers. The behavior described below occurs for
0.1% of users, and so far I've only seen it on IE 6.0.

My ASP.NET website is set up like this:

1. Logon page - Collect username / password and verify against the DB. If
OK, store the UserID in Session["UserID"] and redirect to Main Page

2. Main page - If Session["UserID"] == null, redirect to Logon page,
otherwise display the page. Includes hyperlink to Second Page.

3. Second page - If Session["UserID"] == null, redirect to Logon page,
otherwise display the page.

Here is what happens in these very small number of cases - - the user can
authenticate on the logon page successfully and gets redirected to the Main
Page. However, upon clicking the link to go from the Main Page to the Second
Page, the Session loses the variable and Second Page redirects the user to
the Logon page.

To debug this problem, I added a display of the Session.SessionID + ":" +
Session["UserID"] variables at the bottom of the page. Here are the results:

Logon page... vmhgea20gz4azp550f203omh:
Main page... vmhgea20gz4azp550f203omh:24665
Second page... vmhgea20gz4azp550f203omh:

These results indicate that the SessionID is remaining constant throughout
the test, but that the Server is somehow losing the Session["UserID"]
between the Main Page and Second Page. This would seem to indicate that it
is a server issue, however, it only happens for 0.1% of visitors and with
those particular visitors it is a constant repeatable behavior. I have
instructed those users to delete their cached files and cookies and reboot,
but it didn't help. The users have all the Windows Updates in place.

Has anybody else seen this problem or know of its solution?

Thanks!!
Michael Carr


.

 

[Michael Carr]

From my understanding about Cookies and Session State, the SessionID is
actually the cookie that is sent from the client to the server for each
request and session variables themselves are actually kept on the server.
So, since my debug routines show the same SessionID for every request, this
would indicate that the browser is indeed sending the correct cookie... am I
correct in my thinking here?

Michael Carr

 

[Karl Shifflett]

This is how I got around this.

I changed the location of the session variables to
stateserver and just used the loopback address for the web
server and fired up the stateserver on the web server and
have not had any problems since.

 

[Karl Shifflett]

Here is my web.config for the state server solution I
provided.

<sessionState
mode="StateServer"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

-----Original Message-----
This is how I got around this.

I changed the location of the session variables to
stateserver and just used the loopback address for the web
server and fired up the stateserver on the web server and
have not had any problems since.

-----Original Message-----
I have an intermittent problem that occurs on a very small number of
browsers that access my website. The strange thing is this: my site works
perfectly for 99.9% of browsers. The behavior described below occurs for
0.1% of users, and so far I've only seen it on IE 6.0.

My ASP.NET website is set up like this:

1. Logon page - Collect username / password and verify against the DB. If
OK, store the UserID in Session["UserID"] and redirect

to
Main Page

2. Main page - If Session["UserID"] == null, redirect to Logon page,
otherwise display the page. Includes hyperlink to Second Page.

3. Second page - If Session["UserID"] == null, redirect to Logon page,
otherwise display the page.

Here is what happens in these very small number of

cases -
- the user can

authenticate on the logon page successfully and gets redirected to the Main
Page. However, upon clicking the link to go from the

Main
Page to the Second

Page, the Session loses the variable and Second Page redirects the user to
the Logon page.

To debug this problem, I added a display of the Session.SessionID + ":" +
Session["UserID"] variables at the bottom of the page. Here are the results:

Logon page... vmhgea20gz4azp550f203omh:
Main page... vmhgea20gz4azp550f203omh:24665
Second page... vmhgea20gz4azp550f203omh:

These results indicate that the SessionID is remaining constant throughout
the test, but that the Server is somehow losing the Session["UserID"]
between the Main Page and Second Page. This would seem

to
indicate that it

is a server issue, however, it only happens for 0.1% of visitors and with
those particular visitors it is a constant repeatable behavior. I have
instructed those users to delete their cached files and cookies and reboot,
but it didn't help. The users have all the Windows Updates in place.

Has anybody else seen this problem or know of its solution?

Thanks!!
Michael Carr


.

.

 

[JN]

The exact same thing happens to me on this particular
machine.
I have 3 development machines, on 2 of them (one is
Win2000 and the other is XP), the session variables work
fine.
On this machine I'm using, the session variables are lost
in between. The problematic machine is almost a brand new
one, runs on Win2000, with the same memory space as that
of the one that works.
And I don't use cookies (I set cookiesless=true).

I'm interested to see how to solve this.

 

[Alvin Bruney]

This strongly suggests that your app is being recycled. Your session id will
be the same as long as your browser is kept opened. Have a look at your
application logs to find out what the w3c worker process is doing.

But then again, you've found a work around so why bother? Stateserver with a
loopback results in about a 10% performance hit. That's not a bad price to
pay to keep 1% of users happy.

--
Regards,
Alvin Bruney
Got tidbits? Get it here...
http://tinyurl.com/3he3b

Here is my web.config for the state server solution I
provided.

<sessionState
mode="StateServer"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

-----Original Message-----
This is how I got around this.

I changed the location of the session variables to
stateserver and just used the loopback address for the web
server and fired up the stateserver on the web server and
have not had any problems since.

-----Original Message-----
I have an intermittent problem that occurs on a very small number of
browsers that access my website. The strange thing is this: my site works
perfectly for 99.9% of browsers. The behavior described below occurs for
0.1% of users, and so far I've only seen it on IE 6.0.

My ASP.NET website is set up like this:

1. Logon page - Collect username / password and verify against the DB. If
OK, store the UserID in Session["UserID"] and redirect

to
Main Page

2. Main page - If Session["UserID"] == null, redirect to Logon page,
otherwise display the page. Includes hyperlink to Second Page.

3. Second page - If Session["UserID"] == null, redirect to Logon page,
otherwise display the page.

Here is what happens in these very small number of

cases -
- the user can

authenticate on the logon page successfully and gets redirected to the Main
Page. However, upon clicking the link to go from the

Main
Page to the Second

Page, the Session loses the variable and Second Page redirects the user to
the Logon page.

To debug this problem, I added a display of the Session.SessionID + ":" +
Session["UserID"] variables at the bottom of the page. Here are the results:

Logon page... vmhgea20gz4azp550f203omh:
Main page... vmhgea20gz4azp550f203omh:24665
Second page... vmhgea20gz4azp550f203omh:

These results indicate that the SessionID is remaining constant throughout
the test, but that the Server is somehow losing the Session["UserID"]
between the Main Page and Second Page. This would seem

to
indicate that it

is a server issue, however, it only happens for 0.1% of visitors and with
those particular visitors it is a constant repeatable behavior. I have
instructed those users to delete their cached files and cookies and reboot,
but it didn't help. The users have all the Windows Updates in place.

Has anybody else seen this problem or know of its solution?

Thanks!!
Michael Carr


.

.

 

[Alvin Bruney]

read this thread , subject Bizarre loss of Session variable

--
Regards,
Alvin Bruney
Got tidbits? Get it here...
http://tinyurl.com/3he3b

The exact same thing happens to me on this particular
machine.
I have 3 development machines, on 2 of them (one is
Win2000 and the other is XP), the session variables work
fine.
On this machine I'm using, the session variables are lost
in between. The problematic machine is almost a brand new
one, runs on Win2000, with the same memory space as that
of the one that works.
And I don't use cookies (I set cookiesless=true).

I'm interested to see how to solve this.

-----Original Message-----
I have an intermittent problem that occurs on a very small number of
browsers that access my website. The strange thing is this: my site works
perfectly for 99.9% of browsers. The behavior described below occurs for
0.1% of users, and so far I've only seen it on IE 6.0.

My ASP.NET website is set up like this:

1. Logon page - Collect username / password and verify against the DB. If
OK, store the UserID in Session["UserID"] and redirect to Main Page

2. Main page - If Session["UserID"] == null, redirect to Logon page,
otherwise display the page. Includes hyperlink to Second Page.

3. Second page - If Session["UserID"] == null, redirect to Logon page,
otherwise display the page.

Here is what happens in these very small number of cases - - the user can
authenticate on the logon page successfully and gets redirected to the Main
Page. However, upon clicking the link to go from the Main Page to the Second
Page, the Session loses the variable and Second Page redirects the user to
the Logon page.

To debug this problem, I added a display of the Session.SessionID + ":" +
Session["UserID"] variables at the bottom of the page. Here are the results:

Logon page... vmhgea20gz4azp550f203omh:
Main page... vmhgea20gz4azp550f203omh:24665
Second page... vmhgea20gz4azp550f203omh:

These results indicate that the SessionID is remaining constant throughout
the test, but that the Server is somehow losing the Session["UserID"]
between the Main Page and Second Page. This would seem to indicate that it
is a server issue, however, it only happens for 0.1% of visitors and with
those particular visitors it is a constant repeatable behavior. I have
instructed those users to delete their cached files and cookies and reboot,
but it didn't help. The users have all the Windows Updates in place.

Has anybody else seen this problem or know of its solution?

Thanks!!
Michael Carr


.

 

[William LaMartin]

I had a situation at one web host where I was losing all session variables
after a short time--but the sessionID was maintained. Apparently when an
application was recycled because of a limit on virtual memory, the Session
ID was maintained although all session variables and application variables
were lost.

After much back and forth with the host, the did two things which caused the
session variables to be preserved. I think #1 is the most important.

1. increased the Virtual memory limit on application pools

2. modified the SessionState section of the web.config file in my root
directory to use ServerState

 

[Michael Carr]

Yes, the experience you describe is the exact problem I'm having. Have you
been able to isolate anything special in particular about that machine? Have
you tried different browsers on it? Do you see the same behavior from
regular ASP (non ASP.NET) applications with SessionState? Do you have any
problem logging into other websites from that machine? It is tough for me to
isolate this problem since my particular user is on the other side of the
country...

Thanks,
Michael Carr

 

[Michael Carr]

If the app is being recycled, then what is it about that particular machine
that is causing the app to recycle? It happens consistently with that
particular machine and almost nowhere else.

If something about a particular client can consistently cause an app to
recycle, isn't that a security issue Microsoft should be a little concerned
about??? I bet some hackers would take great joy in arbitrarily recycling
..NET websites.

It doesn't sit well with me to switch to a different means of preserving
SessionState just because it has been shown to work... I'd rather get to the
bottom of it and find a fix or isolate a bug and get it reported.

Michael Carr