Session Timeout

[Jim]

The dreaded Session state

All, Just to give a little background this is reagarding an ASP 3.0
application running on IIS6 using the default app pool.

I have set the session timeout to 540 minutes in IIS (under options tab in
Application configuration). There is no code in the Session_OnStart or
Session_OnEnd in the global.asa. Via an include file, each page executes
these no-cache related code:
Response.Buffer = True
Response.ExpiresAbsolute = Now() - 1
Response.Expires = 0
Response.CacheControl = "no-cache"
Response.CacheControl = "private"

Sorry, just wanted to give some background on what we're dealing with.
Anyways, the problem is that the users are saying their session state is
expiring much sooner than 540 minutes. How is this possible? What did I miss?
Are there better techniques to ensure the 540 minute session?

Thanks in advance,
Jim

 

[Kyle Peterson]

Setting a session timeout any higher than 90 minutes is somewhat iffy.
You should perhaps consider using cookies to keep track of them longer than
that.

It really all depends on why you are even doing this in the 1st place
though.

 

[Jim]

I see. The only reason why the session state is set so high is the users do
not want to be exited from the application during the day. When session
timesout, the app forces the user to exit.

 

[Bob Barrows [MVP]]

I see. The only reason why the session state is set so high is the
users do not want to be exited from the application during the day.
When session timesout, the app forces the user to exit.

Which is a good thing, as far as the server is concerned. Sessions consume
system resources. There are other ways to preserve state when it needs to be
preserved for that amount of time. Cookies, databases, files, etc.

Bob Barrows

 

[Jim]

Well no. I solution was to reduce the timeout from 8 hours to 90 minutes.
Wow, I'm not sure what could be causing your session timeout problem of
timing out after just four minutes.

 

[jaco]

Good Day,

I'm experiencing the same problem and need a solution not a work arround.
Implementing a different state management system in our production
environment is not a option. Since this will mean retesting and redepolying
our application to 10 sites world wide.

This worked fine on IIS 5.0 so why is it not working on IIS 6.0. What was
changed. And how do we change it back.

Thanks
Jaco Roux

 

[Bob Barrows [MVP]]

Good Day,

I'm experiencing the same problem

The text you quoted does not mention a problem and I no longer have the
original thread on my machine.

What is the problem? Or the symptoms of the problem if you haven't
identified the problem?

and need a solution not a work
arround. Implementing a different state management system in our
production environment is not a option. Since this will mean
retesting and redepolying our application to 10 sites world wide.

This worked fine on IIS 5.0 so why is it not working on IIS 6.0.

What was working fine on IIS5 but is no longer working on IIS6?

What was changed. And how do we change it back.

Not sure. Lots of things changed. Have you been to the MS website and
read the "What's New" document for IIS6? Try this:
http://www.microsoft.com/windowsserver2003/iis/evaluation/features/default.mspx
or this:
http://msdn.microsoft.com/library/en-us/iissdk/html/dbeeb5c4-c1a7-42cd-8e03-6513fc08aa92.asp

There's also this dandy Support Center:
http://support.microsoft.com/default.aspx?scid=fh;en-us;iis60&x=15&y=13

as well as the www.iisfaq.com site.

Bob Barrows

 

[jaco]

Hi Bob,

We are currently storing about 30 user profile settings as session variables
in a asp site.

Since moving to Windows 2003 R2 with IIS6.0 we are experiencing unexpected
session timeouts. The session timeout interval is set to 480 minutes or 8
hours. Our users are however complaining that they are experiencing timeouts
more randomly and over much shorter intervals.

Users have to log in again when their session is timed out.

Implementing a new Session State Management Sub System using cookies and/or
files and/or SQL DB is not an option purely due to the cost in retesting and
redistributing the site.

So the question remains. Why are sessions timing out prematurely?

Thanks
Jaco Roux

 

[Bob Barrows [MVP]]

Hi Bob,

We are currently storing about 30 user profile settings as session
variables in a asp site.

What are you storing? Strings? Arrays? COM objects?

Since moving to Windows 2003 R2 with IIS6.0 we are experiencing
unexpected session timeouts. The session timeout interval is set to
480 minutes or 8 hours. Our users are however complaining that they
are experiencing timeouts more randomly and over much shorter
intervals.

Users have to log in again when their session is timed out.

Implementing a new Session State Management Sub System using cookies
and/or files and/or SQL DB is not an option purely due to the cost in
retesting and redistributing the site.

So the question remains. Why are sessions timing out prematurely?

Sorry, I don't know. You should try posting to the .inetserver.iis
group.

We'd appreciate if you would post whatever solution you find here.

....

I just did a google search and came up with
http://blogs.msdn.com/david.wang/archive/2005/09/19/Why_do_I_lose_ASP_Session_State_on_IIS6.aspx
http://support.microsoft.com/default.aspx/kb/233477
http://groups.google.com/groups?hl=...GLD:en&q=IIS 6 "session timeout" &sa=N&tab=wg

Do any of these help?

 

[jaco]

Strings only

What are you storing? Strings? Arrays? COM objects?


Sorry, I don't know. You should try posting to the .inetserver.iis
group.

We'd appreciate if you would post whatever solution you find here.

....

I just did a google search and came up with
http://blogs.msdn.com/david.wang/archive/2005/09/19/Why_do_I_lose_ASP_Session_State_on_IIS6.aspx
http://support.microsoft.com/default.aspx/kb/233477
http://groups.google.com/groups?hl=...GLD:en&q=IIS 6 "session timeout" &sa=N&tab=wg

Do any of these help?

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.