We have a web application built in ASP MVC 4.
We are storing our session data in database i.e. sessionState mode="SQLServer"
When we restart the application pool, we expect the session not to expire. However, for some reason it does. Session_end is not being called, however Session_Start is called.
Please can anyone suggest why this could be happening.
Thanks
Related
I have a website that's using ASP.NET Core MVC. It's hosted as an App Service in Azure. Authentication happens against Azure AD.
The authentication cookie is a session cookie.
Is there a way to force all existing session cookies to be invalid? Back in the day of .NET Web Forms I would have recycled the app pool or changed the machine key.
I don't care if the cookies still exist, I just want them to no longer be accepted by my web application.
In or to invalidate the auth cookies in an ASP.NET Core application, you need to delete the encryption keys. I am hosting my site an Azure and the encryption keys are stored at %HOME%\ASP.NET\DataProtection-API. There will be one or more XML files stored in that directory, those are the keys. Delete the XML files and restart the web application (you must restart the web application as the keys are stored in-memory).
I ran into an issue where I had scaled out my web application and both web apps started simultaneously. This caused each app to create its own key and (more importantly) be unaware of the other app's key. To help prevent this from happening, I perform the following steps:
Scale down my app service to 1 isntance
Delete the XML files
Restart the web application
Request a page from the web application (ensure it has been restarted)
Scale my app service back up
Is it possible to make the session persistent in ASP.Net Core? So far I can only find information about cookie expiration connected to ASP.Net Identity (which I am not using), or session idle timeout (which does not persist after the user closes the browser).
Where do I find options to make the session persistent?
ASP.NET Core Session is built on top of IDistributedCache so I guess you are looking for its persistent implementation (Redis, SQL Server etc.).
Working with a distributed cache.
I hosted some service in my local IIS with Application Pool Identity as Identity in application pool.
Now I tried to add another WCF Application and set its identity as application pool identity, but the application pool will stop when it receives the first request.
When I tried with an existing application pool, its working.After googling I tried, to find some logs in event viewer, but there were no error.
If I set my user id and password, then its works fine.
How can I troubleshoot and figure out whats the issue with Application Pool Identity?
If I set my servis instance as Per Session or Single can I send some data between services instance in session? It should be done in Asp.net session - HttpContext.Current.Session
or wcf have own session ?
As I said - WCF is not ASP.NET and its session handling is vastly different. While ASP.NET sessions and WCF sessions are called the same - they are vastly different in their purpose and usefulness.
Read the MSDN page Using Sessions in WCF for more details.
One sentence reads: There is no general data store associated with a WCF session. - so the answer is no - sessions in WCF are not meant for data storage.
WCF sessions are merely to "tie together" several messages into a conversation. By default, with the "per-call" model, each WCF service request would get its own, freshly instantiated service class instance to handle the request, and that service class instance will be freed after returning the answer. Using sessions avoids this - the service class instance handling the first call of a session will stay alive on the server side (and thus also taking up memory on the server) and will handle all subsequent requests within the same session.
WCF and web services in general should however preferably be stateless, so sessions are a bit of an oddball architecture in a proper SOA environment - and that's most likely why sessions in WCF are also not nearly as useful as ASP.NET sessions are for web apps.
To remain stateless and support the per-call method (the preferred best practice), if you need to store data between calls, store it in a persistent store (e.g. a database) and fetch it back from there when needed later on.
If you're hosting services in IIS, you can enable ASP.Net Compatability mode. This will allow you to use ASP.Net session state, just like you would in a web application.
While making my first ajax attempts, I decided also, to go to use IIS hosted WCF now. The strange thing is, that the WCF cannot process several requests parallel for the same user/session, if sessionmode is enabled! If sessionmode is disabled on asp.net, the requests are processed parallel. The broser/client may execute several different requests, where some of them are long running. This blocks all further requets and make my ajax app unusable.
This applies to asmx [webservices] also. I had a big hope, to compile the webservice methods using "IReadOnlySessionState" interface, but this has - in oppsite to webpages - no influence. But I need access [most times readonly] to the asp.net session!
Does someone knows any solution to this problems.
Anyway, thanks a lot!
br--mabra
In .NET 4, you can do this in Application_BeginRequest
if (Context.Request.Path.EndsWith("xxx.svc"))
Context.SetSessionStateBehavior(SessionStateBehavior.ReadOnly);
I found this:
http://blogs.msdn.com/silverlightws/archive/2009/09/30/having-a-pollingduplex-service-and-any-other-wcf-service-in-the-same-website-causes-silverlight-calls-to-be-slow.aspx
Which states,
"All WCF services require read/write session state access if you enable ASP.Net sessions, which causes the replies to be queued sequentially. Ideally user should be able configure the WCF handler to be read only, which would allow polling duplex services to work with sessions. Unfortunately this is unsupported at this point."
...the only thing I can think of is if there's some way to manually force early release of the lock. I'm looking into that now.
You can provide a custom session state provider
See: http://koolsand.blogspot.com/2010/02/why-iis-hosted-wcf-services-does-not.html
whenever a request contains svc in the
path it intimates default session
state provider to use readonly lock
and not read-write lock. So using
readonly lock will allow the next wcf
call to be executed concurrently.