Users are timing out, even while they work

[TPS]

In my login routine I am doing the following

// Create the authentication ticket

FormsAuthenticationTicket authTicket = new

FormsAuthenticationTicket(1,personID.ToString(),DateTime.Now,DateTime.Now.Ad
dMinutes(60),false,roles);

//(version,name,creation,Expiration,Persistent,role data)

string x = FormsAuthentication.SlidingExpiration.ToString();

//x == true;

// Now encrypt the ticket.

string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

// Create a cookie and add the encrypted ticket to the cookie as data.

HttpCookie authCookie = new
HttpCookie(FormsAuthentication.FormsCookieName,encryptedTicket);

// Add the cookie to the outgoing cookies collection.

Response.Cookies.Add(authCookie);



In my web.config file I have the following

<authentication mode="Forms">

<forms

loginUrl="/pages/login.aspx"

name="dusacookie"

timeout="60"

path="/">

</forms>

</authentication>



<sessionState

mode="InProc"

stateConnectionString="tcpip=127.0.0.1:42424"

sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"

cookieless="false"

timeout="20"

/>




Any Idea why my users are loosing their session even though they are still
working?

Thanks

TPS

 

[Steven Cheng[MSFT]]

Hi TPS,

Thanks for posting in the community!
From your description, you used the FormsAuthentication in your ASP.NET
web application. However you found that the users visiting the web app will
timing out before they should be( do you means they'll be redirect to login
page rapidly or just be directed right after they have be authenticated
from the login page?)

As for this problem, I'd like to confirm some further things as I mentioned
above. Does the situaiton you met is that the Authentication cookie is
unable to store at client side? I think you may turn all the page's trace
in the @Page directive
set Trace="true" . That'll enable use to track the request's cookie
collectoin. Please check the cookie collection tosee whether the
Authentiation cookie occurs in the cookie collection? its name is just the
one you set in the web.config as below:
<forms
.....
name="dusacookie"
....>

Also, have you tried create another simple web app to use
formauthentication on the machine or even another server to see whether
this problem remains?

Please try out the above things. If you have any thing unclear above or
have any new findings, please feel free to post here.


Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

 

[TPS]

Cookies Collection
Name Value Size
ASP.NET_SessionId vpqfltqcpl5kcy55nxaiwduz 42



Steve, it does not look like the "dusacookie" is in the cookies collection.
That must be why I am timing out. Ideas why it is not in the collection?

Thanks for your help.

 

[TPS]

Sorry Steve, I had not logged in yet, so here is my cookies collection after
I log in.
So it looks like is in the collection.

Cookies Collection
Name Value Size
ASP.NET_SessionId pm10bs45iyett3ntzuzi33n2 42
dusacookie
2C35167C8BFA17C8C4C55BDACF046B02F4EFDBC44EFC6B14D93C829351C82047A7A253FE7044
D7A 155



TPS

 

[Steven Cheng[MSFT]]

Hi TPS,


Thanks for your response and the test result you provided. From the "cookie
collection" report, the FormAuthentication's token cookie is stored
correctly at clientside. So we may look for some other things. As for the
timeout, I still not quite sure on the whole sequence the problem happends.
Would you please provide me the detailed steps / sequence the problem
occurs? For example,
from the user login,
after how long ...
then ..

Also, it would be more helpful if you could create another simple project
just simple enought to repro the problem. Then, I may have a test on it on
my side. Do you think so?
Meanwhile, if you have any new findings , please also feel free to let me
know.


Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

 

[TPS]

Steve, thanks for your help

I can't make another test site. I am running as fast as I can to maintain
this site, as we go into live testing.

It looks like the session is timing out because the errors always occur when
we are trying to access a session variable like so:

int personid = (int)Session["PersonID"];

The error is "Object reference not set to an instance of an object"

I know I should check this beforehand, but that still will not solve the
fact that the session timesout.

This happens when a user is using the site. They are not idle, they are
constantly hitting the site, then for no reason, they get the error.

 

[Steven Cheng[MSFT]]

Hi TPS,


Thanks for you followup. Does the problem also happen if you create a new
web app and applied the forms authentiaction? And I think you may have a
look at the certain web app's trace. via the
http://web app path/trace.axd

to see whether the trace info will provide any clues?

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx