Problems with Session.Abandon()

jacob · January 26th, 2005, 05:38 PM

Why doesn't it work?

I have previously made a system in ASP.NET, which used Session.Abandon() and it worked fine when it was running on a Windows server. However, I am now running my own Linux server with Apache, Mono, mod_mono etc. and I cannot abandon a Session.

Does anyone have the same problem, and how can I fix this? Do I have to do something special on the server to enable Sessions?

Imar, if you should read this, I have read you post about how the Session is still available on the current page, but even after redirecting I still have the Session.

Thanks, Jacob.

Imar · January 26th, 2005, 07:19 PM

I have no idea. I never used Mono before, so maybe it's related that. Maybe it's on the Mono Todo list... ;)

Are you using different code than you normally would? Are you sure Abondon gets called? (I am sure you checked that, but I am just out of ideas... ;) )

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: Out From Under by Incubus (Track 13 from the album: Make Yourself) What's This?

jacob · January 27th, 2005, 04:31 AM

Thanks for the reply. I previously checked the mono site, but without result, or at least without a result that solved my problem.

Currently I am porting the project to the Linux server, and basically the only thing I have to change is the database communication layer since I am changing database. Nice. That is, until Session.Abandon!

There are two lines of code where the last one is a redirect, and it gets called, so the Abandon method must be called too. I have also made an Abandon in the beginning of another page which I can request manually to be abolutely sure that it gets called, but without the right result.

Imar, thanks for you effort :). I will keep on searching and post the answer when I eventually find it...!

Jacob.

jacob · January 27th, 2005, 06:07 AM

Alright, I have now narrowed down the whole thing. I have made a small page in which I can recreate the error. If anyone wants to try it out, then put the code underneath in a file called abandon.aspx and run it...

Code:

<%@ Page Language="C#" %>
<html>
<head>
    <title>ASP.NET Session.Abandon() Method Test</title>
    <script runat="server">
    void Page_Load(Object sender, EventArgs args)
    {
        switch(Request.QueryString["what"])
        {
            case "a":    Session.Abandon();        
                        Response.Redirect("abandon.aspx");
                        break;

            case "c":    Session["userName"] = "anyone";
                        Response.Redirect("abandon.aspx");
                        break;

            default:    sUserName.Text = "Session[\"userName\"] : "; 
                        sUserName.Text += Session["userName"];
                        break;
        }
    }
    </script>
</head>
<body>
<a href="abandon.aspx?what=c">create</a><br>
<a href="abandon.aspx?what=a">abandon</a><br>
<br><br><asp:Label id="sUserName" runat="server" />
</body>
</html>

On Windows it seems to be working (IIS), i.e. when the abondon link is clicked the session seems to be abandoned, however this is not the case on Linux with Mono. The creation is done perfectly, however it is not abandoned. It does not seem to be a refresh problem either.

Thanks, Jacob.

Imar · January 31st, 2005, 02:50 PM

I can't reproduce this problem because I am not using Mono anywhere.

However, this seems serious enough to report it to Project Mono, right?

As a work around, you could explicitly clear the session variables before you Abandon the session and redirect. Not as good as simply calling Abandon, but it might help.

You *could* of course override Session handling, and fix the problem... ;)

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

jacob · February 2nd, 2005, 04:59 AM

Thanks for the reply, Imar. I have posted the problem in the Novell forum, which I assume is the official Mono forum. There is a link to this thread aswell. The thread is here.

I was wondering if I should do my own implementation of the session handling, however it would be nice to use what should already be available. It might be the solution for now

.

Is it a bad idea performance-wise to handle your own session handling from a database (MySQL) instead of cookies as I understand Session does?

Thanks, Jacob.

Imar · February 2nd, 2005, 05:09 AM

Sessions do not use cookies to store the data. Sessions only use a cookie to store the Session ID which is a unique identifier to keep track of the user. (The cookie mungler can be used to avoid the cookie, and use the URL instead).

So, all that is stored in a cookie is the Session ID. This ID is then used to hook up data on the server to this user. In Microsoft ASP.NET you have 3 options: InProc (stored in the same process as the web application), StateServer (a separate Window Service that can run on the same box as IIS but doesn't have to) and SQL Server.

In the latter case, the data is actually stored in SQL Server tables. This may be slower than InProc or StateServer, but it's much more reliable and scalable. SQL Server as a state server can be deployed in a Web farm scenario where multiple web servers can use the same session store.
Also, when a web site restarts (reboot, crash, auto recycling, whatever) the state information is still available in the database.

So, there is a trade-off between functionality and performance. Using a database will be slower, but you get a lot in return. If you don't need that, InProc is the fastest way to store and retrieve session data.

Imar

---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

jacob · February 2nd, 2005, 07:44 AM

Alright, so when you choose that Sessions should be cookieless it is only the ID which goes through the URL. Where is the other data then stored? I was thinking that this might be the problem; i.e. if some permissions is not right on the server, namely where the data is stored?

Perhaps I should do my own component for handling sessions through a MySQL database. I can see the advantages, and I could do some experiments on the performance; not that it matters much in my case, since I am probably the only one using my web site ;) .

However I will follow the problem about the Session.Abandon() since it should be fixed if it is indeed a bug. Naturally, I will post an answer if I get it.

Thanks, Jacob.

Imar · February 2nd, 2005, 07:52 AM

Quote:

quote:Where is the other data then stored?

Check my previous post; it's all in there. Basically, you have three options: InProc, StateServer and SQLServer.

Not sure how this is implemented in Mono though.....

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

jacob · February 2nd, 2005, 08:15 AM

Yep, sorry but I did read that :) I get the SQL Server, but the InProc and StateServer I don't get. Is it stored in some data structure in some process that live throughout the whole session, or is it in fact stored in some text file or like?

In the first case I guess that there can't be any permission problems, but the last could pose permission problems, I suppose.

Jacob.