Session Question

[Bishop]

ASP.NET 2.0/IIS 6/Windows 2003

I have all my session settings set to the standard 20 min. but many times
the session will time out prior to 20 min. of inactivity. My questions are:

1. Is there any way to find out why a session was reset?
2. Is there anything other than a session ID I can use to record data
throughout a "session" (From the time someone starts visiting until they
finish) I can't use client IP address because we get to many hits from the
same IP that are different users.

 

[Peter Bradley]

Ysgrifennodd Bishop:

ASP.NET 2.0/IIS 6/Windows 2003

I have all my session settings set to the standard 20 min. but many times
the session will time out prior to 20 min. of inactivity. My questions are:

1. Is there any way to find out why a session was reset?
2. Is there anything other than a session ID I can use to record data
throughout a "session" (From the time someone starts visiting until they
finish) I can't use client IP address because we get to many hits from the
same IP that are different users.

Does this help?

http://aspalliance.com/520

By the way, you need to check both the session timeout and the cookie
timeout. If the cookie times out before the session does then the
session will be closed. Assuming you are using cookies, of course.

HTH


Peter

 

[Laurent Bugnion, MVP]

Hi,

By the way, you need to check both the session timeout and the cookie
timeout. If the cookie times out before the session does then the
session will be closed. Assuming you are using cookies, of course.

Are you sure?

Session cookies don't expire as long as the browser is open, so that
can't be it.

Even if the cookie expired on the client, the current session wouldn't
expire early. In the contrary, a new session with a different session ID
would be started when the browser sends the next request, because the
cookie (coming from the client) can't be found. But the existing session
will expire only after the set timeout.

HTH,
Laurent

 

[Peter Bradley]

Ysgrifennodd Laurent Bugnion, MVP:

Are you sure?

Session cookies don't expire as long as the browser is open, so that
can't be it.

Even if the cookie expired on the client, the current session wouldn't
expire early. In the contrary, a new session with a different session ID
would be started when the browser sends the next request, because the
cookie (coming from the client) can't be found. But the existing session
will expire only after the set timeout.

HTH,
Laurent

Heh. No, I'm not sure, Laurent. And you sound confident, so I would
guess that you're right and that my logic is faulty.

Thanks for the heads up.




Peter

 

[Bishop]

Peter and Laurent, thanks for the help. When I create a cookie I set it to
expire in 1 day but I'm not using cookies for this, unless there is a
dependency on cookies with sessions that I'm not aware of. I have two
instances that tells me my session is resetting:

1. An admin program that all at my company uses all day long (about 5 of us)
uses a session for authentication which will show up blank throughtout the
day. Many time after only 5 min. of inactivity.

2. When someone comes to our public website each page checks to see if a
session variable "referer" is populated. If not, we populate it with the
referer and log it to a table in the database. It appears from our testing
that a typical session will reset because throughout a session on our site
the origional referer will save to the db but also refererals from our own
site.