Troubleshooting Session Related Issues in ASP.NET
page 5 of 7
by Rahul Soni
Average Rating: 
Views (Total / Last 10 Days): 61337/ 93

Web Farm

Let us see what happens when you have a web farm. Assume I am the client and hitting your server X. My session is known to the server X. Next time I hit the same box X and everything is fine. After about 10-15 minutes, that server is under load and I am redirected to the Server Y. Naturally, Y will not know who I am and would simply redirect me to the login page. And the same thing would happen to any person who hits your website. In this case, we will have to use Out of Process session mode, which could be ASP.NET State Server or SQL Server.  Imagine what would happen if you still end up losing sessions?

I would suggest checking the following.

1. In IIS, the Web sites names and identifiers must be same throughout the web farm (NOTE that it is CASE-SenSitive). For more details, check out the following KB.

2. In your Framework folder (C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG) there is a machine.config file which contains the following default settings.

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1"/>

If you are planning to use a Web Farm, you must ensure that the machineKey’s validationKey and decryptionKey is not set to AutoGenerate. The following KBs will show you how to do it in VB and C#.

3. If you are not using Web farms, check for Web garden. In your machine.config (pre Win 2k3 servers) there is an attribute called Web Garden which could be enabled to True. If you plan to keep this to true, you must use Out Of process as discussed above. In Win 2k3 boxes the web garden configuration is not read from the Machine.config. Instead, it is taken from your Application Pool settings. Read more.

Question 4: Since it is reproducible, the first thing which I would like to clarify is whether it is a problem with this particular application or all the applications.

Answer 4: Let us consider the following scenarios.

All the applications exhibit the same behavior. It means that no application is capable of persisting the session related information. Oh yes, believe me… this is a possibility!! I have seen this issue happen quite often due to a bad server name. For example, if your server name has an underscore or other special characters in it, you will not be able to persist session or cookie related information. To ensure that you are not hitting this issue, check the following KB and ensure that your server name is correctly formed without any Underscores and other special characters.

Session on all of the pages in your application work fine, but assume there is a page where you are just unable to persist the session information. To me, this means that there might be a bad object which is causing this problem. The first thing I would advise is to create a back up page for the problematic page. Then, you need to comment all the lines which are storing anything in session. Once you are done, your page should work fine. Please check it before continuing. Now, add a dummy session variable and see if that works. Since all the other pages are working fine, I am pretty sure that if you create a dummy session variable that would work. Still, it is good to do this test. Once you have checked the dummy session variable in action, all you have to do is uncomment the lines containing session 1 by 1 (or may be chunk by chunk). Test your page each time after you uncomment the page. Pretty soon, you will come up with a variable which is causing you issues. Fix that object and you should be good!

Recently, I encountered a very interesting issue. The sessions were working absolutely fine. This was a shopping cart application and each time the user browsed to any specific item he was able to add it to the cookies. His session worked fine until he selected the 20th item. It would happen each time without fail and happened for no less or more number of items but 20. I decided to peek into the IIS Logs with the cookie enabled.

I could see that the session ID was showing as following…

Each time when he selected a new item it stored a cookie and this was appended to the above cookie list. Interestingly, after 20 items the ASPSessionID was removed and we ended up losing the session. I was thinking about why it would be and then found the following KB. Notice that it talks about a limit of 20 cookies per unique host or domain name. So, the bottom-line is that you can end up losing sessions even though there is a limitation with the client side.

I have been working as an IIS/ASP.NET Technical Lead at Microsoft since 2004 and I have seen quite a lot of session loss related issues. Most of the time, I was able to resolve when I followed the above techniques. I hope that this article comes in handy for you as well.

View Entire Article

User Comments

Title: Need some urgent help   
Name: Paks
Date: 2012-04-25 8:22:34 AM

Your article is wonderful. Very useful. But with my issue I still don't have resolution. It would be good if you can through some light on it.

We use:
ASP.NET 6.0, State Server to store sessions and IIS 6.0.
A single server as - web as well as state server. No farm nothing.

Issue is we physically moved the severs to a new data center. Suddenly we have started observing session data getting lost. Behaviour is random and not getting replicated on any of the dev servers. Also many a times only part of the session data is lost and not all the values. It's strange. I do not want to enable application level trace on production as well performance monitor tool does not seem to be helping in my case.
Can you help out with the issue. Suggest some external tool which monitors the issue or is it possible to write small .NET app to trace the existing web app.
Your suggestions are valuable.

Thank you.
Title: need help   
Name: sivarj
Date: 2010-06-10 2:11:04 AM
I am uisng farpoint grid,while pageloading farpoint grid overlapping first row with header how to over come this problem
Title: Thanks Bro   
Name: Vishal Jani
Date: 2010-01-04 8:05:17 AM

After long googleing I find your article and thanks for
your observation. It saves my project.
Just only after creating upload directory outside the application direcotry my session loss problem has been solve.

Thanks again.

Vishal Jani
Title: Thank you   
Name: Payal
Date: 2008-12-02 2:46:45 AM
thanks a lot..its exactly what i am looking for..
Title: Session Conflict (For Payal)   
Name: Rahul Soni
Date: 2008-12-02 1:47:35 AM
Hi Payal,

If you are seeing shared sessions, the first thing that you should check is Caching. See if you have Caching enabled and proceed form there.

Title: Session conflict   
Name: payal
Date: 2008-12-02 12:39:36 AM
Hi Rahul,

This is article gives me a lot of insight for using session or resolving session related issue. But i am facing some major problem with session state in 1.1 application.

Session variables are conflicting with each other that means if there are two/three simultanous user using the web application at same time, some times they can view the details of other users and vice-versa. When i debug the application i hv not found any issues. I am just storing employee ID which is numeric. Can you please help me to resolve this issue?

Title: Web Farm - Complex object storing issues   
Name: Rahul Soni
Date: 2008-10-21 6:37:02 AM
Hi Senthil,

Server.Transfer is executed at the server side, which means that the code would execute on the server which is catering to the request. Response.Redirect might end up on a new server, but Server.Transfer wouldn't.

Regarding the 2nd query, you need to ensure that the objects are serializable, else you would see an error message while trying to store that objects in the session.

But honestly, try NOT to store very large objects, specially you should always ensure that whatever you are storing in session is short and sweet. Large session objects (> 85K) would end up in LOH and hence complicate your App's memory requirements.

Title: Web Farm - Complex object storing issues   
Name: Senthil Valavan & Meyyapan
Date: 2008-10-21 5:48:59 AM
Hey Rahul,
Ur Comments were nice ,

Please help up in this following scenerio for WEB FRAM

1) When using Server.Transfer in our application , will it make any issues on WEB Farm

2) While Storing Complex Objects (Like hashTable & Class objects ) into Session (SessionState=SqlServer). Could you brefiely explain any specific steps need to be taken.
Title: Is it complete...   
Name: Deep
Date: 2008-09-11 6:31:49 AM

Article looks great, our problem is here:

"Notice… it is not a problem which “All the users face at the same time.” It is something which is happening to ALL the users, BUT NOT AT THE SAME TIME."

But it seems the article is not giving tips for this scenario or I missed sth.

Your advice will be helpful.

Title: Web garden...doh!   
Name: Aaron
Date: 2008-05-15 12:22:25 PM
I got caught by setting the application pools to use two processes (web garden area) and not setting out of process sessions. Thanks for this article it just saved me a lot of trouble.
Title: For Mihir   
Name: R S
Date: 2007-08-22 12:20:46 PM
Hi Mihir,

In fact, ASP.NET and ASP.NET Applications are not generic, and they are supposed to show the Perfmon as per your observation. That is, it will show the counters for the latest version of .NET Framework installed on your box.

If you have 1.1 and 2.0 both, it won't show any 1.1 counters. If you need to see 1.1 counters, you will need to add them explicitly.

Hope that helps,
Title: Asp.Net and Asp.Net Applications are generic ?   
Name: Mihir
Date: 2007-08-22 11:26:21 AM
Hey Rahul,
Nice two see this article.
I have some concern here..any internal article will help.
I'm using PERFMON utility to measure performance of an application with Asp.Net and Asp.Net Applications performance objects (attribute group) of PERFMON Utility. I've deployed 2 same Asp.Net application on my machine, the only difference is one is developed using Asp.Net 1.1 and the other is developed using Asp.Net 2.0. Through observation I've noticed one thing that's Asp.Net and Asp.Net Application attribute group reflects the values same as Asp.Net 2.0. and Asp.Net Apps 2.0 attribute group and not refecting the values those are of Asp.Net 1.1.4322 and Asp.Net Apps 1.1.4322 attribute groups.

My understanding for this is Asp.Net and Asp.Net Applications are generic attribute group(Performance Objects) and they should refelect values of both attribute groups (Asp.Net 1.1.4322 and Asp.Net 2.0 as well Apps 1.1.4322 and Asp.Net Apps 2.0). I've all 3 versions of .Net installed on my machine but I'm not getting any attribute group specific to Asp.Net 3.0 like previous two.

Can anyone make me clear on which attribute group to use for measuring performance of various Asp.Net Application i.e. Generic one or Version Specific? Because the Perfmon utility shows both generic i.e ASP.NET
and version specific performance objects like (ASP.NET v1.1.4322)

I am stuck please help.
Title: Thank you   
Name: Narayanan
Date: 2007-07-04 1:47:44 AM
Excellent article
Title: A little more information!   
Name: Rahul Soni
Date: 2007-03-30 11:47:06 AM
I guess, I missed this very important KB article It talks about certain cases where you will have multiple ASPSessionID cookies. As you know a lot of cookies might hurt the performance, and it could also lead to Session Loss.

Just thought I should addding this information here!

Rahul Soni
Title: Simple and Useful   
Name: Ravi Garg
Date: 2007-03-29 12:51:56 AM
Well thats great!
An article when solving a security issue must be as simple as it could be.
Title: Great Article   
Name: Parag Agarwal (paraga)
Date: 2007-03-17 2:01:20 PM
I came across this article .. good work keep going..
Title: Troubleshooting Session Related Issues in ASP.NET   
Name: Saurabh
Date: 2007-03-07 2:46:01 PM
Excellent stuff....This is really helpful for people who are struggling with issues related to Session loss in As/ Web applications.


Product Spotlight
Product Spotlight 

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2024  |  Page Processed at 2024-06-20 7:20:09 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search