ASP.NET 4 Login timeout

R4VEN · August 9th, 2010, 03:43 AM

I've purchased and read Imar's ASP.NET 4 book after my lecturer showed it to me because he only knows ASP classic and couldn't help me. That book has been godsent

I have created a simple website but I have this recurring problem whereby users are logged out at sometimes within ten minutes of logging in. This is affecting many things, I have tried to change as many settings as I know but nothing seems to fix this.

Does anyone know what factors could be causing this? I've spent months on this

Imar · August 9th, 2010, 03:56 AM

Hi there,

Does changing the timeout attribute as explained on page 586 solve the problem?

Imar

R4VEN · August 10th, 2010, 09:49 AM

Holy crap, I was expecting a reply in between 1-3 days like is the go everywhere else but you responded within 20 minutes.

I did have the timeout session set in my Web.config file but it was to something really high.

I changed it down to what was in the book but it's still happening.

Is there any chance that some code I'm using to retrieve user names in my pages could be interfering or something. I use the following often:

Dim u as MembershipUser
u = Membership.GetUser(User.Identity.Name)
Session("myUserName") = u.ToString

If it's not this then I feel it must be in the web.config file.

Cheers for the reply

Imar · August 10th, 2010, 10:21 AM

Quote:

Session("myUserName") = u.ToString

If you use this code to determine if someone is logged in, then the user is not really being logged out, but the Session expires.

Sessions expire, by default, after 20 minutes. That's a good thing normally, or otherwise your server comes to a grinding halt if many users create many orphaned sessions. By timing out, the session object gets destroyed and free up resources on the server.

The question is what you want to achieve. You can extend the Session timeout, but that's probably not a good idea. If this is about staying logged in, you may need to rewrite your code a bit. You could, for example, try to get the user's name again when it's Nothing (which would be the case if the Session had timed out).

If you can explain in a bit more detail what you're trying to do, I may be able to give you better advice.

Cheers,

Imar

R4VEN · August 10th, 2010, 11:27 AM

I have that code littered throughout my site for different purposes, but I've mainly placed it in the PageLoad function. My purpose for this is to Session the user's name for my various AccessDataSources littered throughout the page. This is as a Select Parameter typically.

Is there a better way to acheive this affect?

Code:

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)

        If Roles.IsUserInRole("JohtoTrainer") Then
            Dim u As MembershipUser = Membership.GetUser(User.Identity.Name)
            Session("myUserName") = u.ToString

<asp:AccessDataSource runat="server" ID="dsLocked2" DataFile="~/Brawl/Brawl.accdb"  
                SelectCommand="SELECT Main1, Main2, Main3, Main1Locked, Main2Locked, Main3Locked, RandomMain FROM Johto WHERE UserName = ?">
                
                <SelectParameters>
                    <asp:SessionParameter Name="UserName" Type="String" SessionField="myUserName" />
                </SelectParameters>

            </asp:AccessDataSource>

If it helps the site is http://blighfi.net , however this problems isn't one which shows itself straight away.

This problem is quite erratic too, sometimes I can stay logged in for 15 minutes fine, then sometimes it logs me out 3 times in 5 minutes.

Imar · August 10th, 2010, 02:15 PM

Quote:

I have that code littered throughout my site for different purposes

That's pretty much always a bad sign ;-) Stick to the DRY principle (Don't Repeat Yourself) and try wrapping code like this in some helper method. Untested, but something like this should work. Add this code to a new .vb class in the App_Code folder:

Code:

 
Option Strict On
 
Public Class Helpers
  Public Shared ReadOnly Property UserName As String
    Get
      Dim session As HttpSessionState = HttpContext.Current.Session
      Dim userNameSessionKey As String = "myUserName"
      If HttpContext.Current.Session(userNameSessionKey) Is Nothing Then
        Dim u As MembershipUser = Membership.GetUser _
                (HttpContext.Current.User.Identity.Name)
        If u IsNot Nothing Then
          session(userNameSessionKey) = u.UserName ' You had ToString here. Deliberate choice?
        Else
          session(userNameSessionKey) = String.Empty
        End If
      End If
      Return Convert.ToString(session(userNameSessionKey))
    End Get
  End Property
End Class

This creates a shared property that returns the current user's name when accessed, It's value is stored in a session variable. When that value gets lost, it's recreated the next time you access the property (provided the user is logged in).

The only downside is that you can no longer use the Session field. Instead, you need to handle the Selecting event of the data source control and manually assign the UserName:

Code:

 
Protected Sub dsLocked2_Selecting(ByVal sender As Object, 
     ByVal e As System.Web.UI.WebControls.SqlDataSourceSelectingEventArgs) _
            Handles dsLocked2.Selecting
  e.Command.Parameters("UserName").Value = Helpers.UserName
End Sub

Hope this helps,

Imar

R4VEN · August 11th, 2010, 09:25 AM

What you've posted above looks promising, it'll take me a while to rework this into my pages and atm I'm in a uni semester and this is my side project.

I'm keeping this place bookmarked and this week I'll come back and test it and see how it goes. Either way I'll post back with my result.

Your responses make me want to learn more ASP.NET 4 so I can get pro and help other people here.

Imar · August 11th, 2010, 09:57 AM

Quote:

it'll take me a while to rework this into my pages

Just remember the DRY principle.... ;-)

Quote:

Your responses make me want to learn more ASP.NET 4 so I can get pro and help other people here

Excellent!

Imar

R4VEN · August 15th, 2010, 03:50 AM

Alright

I've replaced the code which uses Session("UserName") with the code shown and the problem still persists. I completely removed all the following code from my pages.

dim u as MembershipUser = GetUser(User.Identity.Name)

And still when logged in I'll be logged out at some point or another while navigating the site.

Is it possible this problem could be on the server's side? When I test this on my internal server I can be logged in for an hour and not be logged out, however when I access the exact same pages on the actual server of my website this problem occurs.

I have a second server which can run ASP.NET 4 with a different company. Would it be a worthwhile test to make a copy of the site and test for the problem on a different server?

I get the feeling it's not a problem with my code

Imar · August 15th, 2010, 04:18 AM

Yes, it can definitely be a server problem. Session state is - by default - kept within the main IIS application. So when the application restarts, session state is lost as well. There are a number of reasons for a server restart:

1. Changes to the web.config. This causes the application to restart to pick up the new configuration. Often a manual process.

2. Anti-virus software can "touch" the web.config file, causing the same restart behavior

3. The application pool for the site recycles. This can be time based (every X interval, or specific times), resource based (memory, requests) and due to a crash.

Your host may be able to see more in the Windows Event Log.

Cheers,

Imar