Re: ASP.Net 2.0 Unexpected Session Timeout
- From: "Brian Simmons" <centraso@xxxxxxxxxxxxxxxx>
- Date: Fri, 13 Jul 2007 15:45:12 -0400
Why does this happen on practically every thread in these MS forums.
Some poor soul posts a question that "violates" someone's personal agenda,
and that person feels compelled to jump in and tell the user why what
they're doing is "wrong" and how they're going to hell for doing it.
Why can't you just let the original poster be? He had a legitimate
question, and yes he's setting the sessiontimeout to something ridiculous,
but who really cares.
Chiming in with "that stupid" comments and then question the whole
architecting decision doesn't help the guy at all.
Just let him be, and if you don't have a solution or suggestion to his
specific problem, let it be. Keep your personal agenda to yourself.
Perhaps his application is used solely by the CEO of the company, and the
CEO has personally requested a 4 hour timeout. The CEO signs his paycheck,
you don't think the original poster is going to do everything within his
power to meet the CEO demands.
Why is it that seemingly every thread gets high-jacked like this???
"Kevin Spencer" <unclechutney@xxxxxxxxxxxx> wrote in message
news:uH5P1nXxHHA.1776@xxxxxxxxxxxxxxxxxxxxxxx
First of all, setting Session Timeout to 4 hours is not a business
requirement. A business requirement is defined as what the application
should do, not how it should do it; how it should do it is called
"design," "architecture," or a "solution."
Second, as design, architecture, or a solution, it is a very bad idea.
You're trying to do something with Session that Session is not designed to
do. Sessions time out to prevent memory resources on the server from being
wasted. When a Session is created, memory is allocated to that Session.
Since it is not known when the user will stop making requests to the
server, the Session automatically times out after an interval in order to
free up the memory allocated. By setting Sessions to time out after 4
hours, you ensure that every user that logs on the the application will
have memory allocated for a period of 4 hours, regardless of how long the
user is using the application. In fact, the 4 hour interval doesn't start
until the last request is sent to the server. So, if a user goes away from
his/her computer for 3 hours and comes back to access the application, the
Session is reset, assuming that the user hasn't shut down his/her browser,
in which case a new 4-hour Session is started.
There are other problems with this solution as well. While the server may
allocate Session memory for 4 hours, that doesn't stop the client from
closing the browser window and opening another. Depending upon the actual
business requirements for which this solution was proposed, there may be
serious security issues as well.
Your web application may be recycling due to excessive memory usage. If
the amount of memory being consumed by a web application reaches a certain
critical point, this will happen automatically.
There are any number of better solutions to satisfy the (as yet unnamed)
business requirement for which this ill-advised solution was devised. Just
about any of them would be better for you. If you can share with us the
actual business requirement, that would be a good starting point.
--
HTH,
Kevin Spencer
Microsoft MVP
Printing Components, Email Components,
FTP Client Classes, Enhanced Data Controls, much more.
DSI PrintManager, Miradyne Component Libraries:
http://www.miradyne.net
"Jack" <anonymous@xxxxxxxxxxxxx> wrote in message
news:OddJhgWxHHA.3560@xxxxxxxxxxxxxxxxxxxxxxx
We running an ASP.Net 2.0 app on IIS 6. We're trying to set a session
timeout to 4 hours (business requirement). We've tried setting the
timeout at login via code, setting it in the global.asax, and setting it
in the web.config. We still get random timeouts, sometimes less than 5
minutes after login.
We're logging pages that have had their session variables cleared in the
event logs, and it's on multiple pages. It's like something is recycling
the worker process, but I don't know why it would.
Any ideas?
.
- Follow-Ups:
- Re: ASP.Net 2.0 Unexpected Session Timeout
- From: Patrice
- Re: ASP.Net 2.0 Unexpected Session Timeout
- From: mark4asp
- Re: ASP.Net 2.0 Unexpected Session Timeout
- From: carion1
- Re: ASP.Net 2.0 Unexpected Session Timeout
- References:
- ASP.Net 2.0 Unexpected Session Timeout
- From: Jack
- Re: ASP.Net 2.0 Unexpected Session Timeout
- From: Kevin Spencer
- ASP.Net 2.0 Unexpected Session Timeout
- Prev by Date: Re: ASP.Net 2.0 Uninstall
- Next by Date: Re: release mode Compile error BC2014
- Previous by thread: Re: ASP.Net 2.0 Unexpected Session Timeout
- Next by thread: Re: ASP.Net 2.0 Unexpected Session Timeout
- Index(es):
Relevant Pages
|
