Status Service and session loss

Source: Internet
Author: User
Tags object serialization

In ASP. net2.0, session loss occurs when files are deleted or created in a program.
The following method is used:
1. Implementation of session:
The session of is based on the httpmodule technology. The httpmodule can control the Request status before the request is processed. Because the session itself is used for status maintenance, therefore, it is more appropriate to use httpmodule for session.
Session status persistence in ASP. NET
ASP. NET provides session objects, allowing programmers to identify, store, and process the context information of several requests from the same browser object to a specific network application on the server. Session corresponds to the same conversation between the browser and the server. When the browser first requests a page of the network application, the server triggers the session_onstart event; the session_onend event is triggered when the dialog times out or is disabled. The programmer can respond to these two events in the code to process tasks related to the same conversation, such as opening up and releasing resources to be used for this conversation.
In ASP. to use the session object in the net program, make sure that the enablesessionstate attribute in the @ page command of the page is true or readonly, and in the web. the sessionstate attribute is correctly set in the config file.
Session status persistence in ASP. NET is determined by the mode attribute marked by the <system. Web> label in the web. config file. This attribute has four possible values: Off, inproc, StateServer, and sqlserver.
If it is set to off, the session will be disabled.
Inproc is the default setting. This mode is similar to the previous ASP session state method, and the session state is saved in ASP. net process, its advantages are obvious: performance. Data access within a process is naturally faster than that of a process. However, the session state of this method depends on the ASP. NET process. When the IIS process crashes or is restarted normally, the State stored in the process will be lost.
To overcome the disadvantages of inproc mode, ASP. NET provides two methods to maintain the session status outside the process.
ASP. net first provides a Windows Service: aspstate. After the service is started, Asp.. NET applications can set the mode attribute to "sateserver" to use the status management method provided by the Windows service.
In addition. if the mode attribute is set to StateServer In the config file, you must also set the IP address and port number of the StateServer server. if StateServer is run on the machine where IIS is located, the IP address is, and the port number is usually 42424. the configuration is as follows:
Mode = "StateServer"
Stateconnectionstring = "TCPIP = 42424"
In this mode, session state storage does not depend on the failure or restart of the IIS process, and the session state is stored in the memory space of the StateServer process.
Another session Status mode is sqlserver mode. This mode saves the session Status in the SQL Server database. Before using this mode, you must have at least one SQL Server server and create the required tables and stored procedures in the server .. . Net SDK provides two scripts to simplify this work: installsqlstate. SQL and uninstallsqlstate. SQL. Files in these two countries are stored in the following path:
<% Systemdriver %> \ winnt \ Microsoft. NET \ framework \ <% version %> \
To configure the SQL Server server, you can run the SQL server command line tool osql.exe in the command line.
Osql-s [server name]-U [user]-P [Password] <installsqlstate. SQL
For example:
Osql-s (local)-u As-P ""-I installsqlstate. SQL
After necessary database preparation, change the mode attribute of the sessionstate element in the web. config file to "sqlserver" and specify the SQL connection string. The details are as follows:
Mode = "sqlserver"
Sqlconnectionstring = "Data Source =; userid = sa; Password =; trusted_connection = yes"
In sqlserver mode, the session state is independent from the IIS server, and the SQL server cluster can be used to make the status storage independent from a single SQL Server, in this way, the application can be highly reliable.


2. cause of loss:
Switch (1): The cause and solution of unknown session loss under's default configuration
Under normal operation, the session will be lost for no reason. Because the program is constantly being operated, the possibility of session timeout is ruled out. In addition, the session timeout time is set to 60 minutes, and will not time out so quickly.
Write down the cause and solution.
Because the program is configured by default, the session settings in the web. config file are as follows:
Mode = 'inc'
Stateconnectionstring = 'tcpip = 8080'
Sqlconnectionstring = 'data source =; trusted_connection = yes'
Cookieless = 'true'
Timeout = '60'/>

The sessionstate label has an attribute mode. It can have three values: inproc and StateServer? Sqlserver (case sensitive ). The process is unstable. When some events occur, the process restarts, causing the loss of sessions stored in the process.
[Asp sessions are process-dependent. The ASP sessionstate is stored in the iisprogress, and the program inetinfo.exe is also used. When the inetinfo.exe process crashes, this information is lost.]

Under what circumstances will the process be restarted? An article by Microsoft tells us:
1. memorylimit attribute of the processmodel label in the configuration file
2. The Global. asax or web. config file is changed.
3. The web program (DLL) in the bin folder is modified.
4. Anti-Virus Software scanned some. config files.
For more information, see PRB: Session variables are lost intermittently in ASP. NET applications.
In the sessionstate label mentioned above, the mode attribute can have three values: StateServer and sqlserver. The two session types are both external, so when aspnet_wp.exe is restarted, the session will not be affected.

Set the mode to StateServer. StateServer is a service on the local machine. You can see the service named ASP. Net state service in the system service. It is not started by default. After we set the mode to StateServer, manually start the service. In this way, we can use the stateservice of the Local Machine to store sessions. The session will not be lost unless the computer restarts or the stateservice breaks down (it is normal that the session is discarded due to session timeout ).
In addition, we can use stateservice on other computers to save the session [for example, using a status server]. The specific modification is as follows. Also in the sessionstate label, there is a stateconnectionstring = 'tcpip = 8080' attribute, where there is an IP address, the default is the local machine ( ), you can change it to the IP address of the computer that runs the stateservice service as you know, so that the program located on different computers can communicate with each other.

If you have higher requirements and the session is not lost when the service period is restarted, you can set the mode to sqlserver and modify the sqlconnectionstring attribute. For information on how to use sqlserver to save sessions, visit here.
When you use StateServer or sqlserver to store a session, all objects to be saved to the session must be serialized except the basic data type (default data type, such as int and string. You only need to put the [serializable] label before the class to be serialized.
For example:
Public class myclass
For more information about serialization, see here.
Now, the problem is solved.

ASP. NET session state FAQ
ASP. NET session state
[ASP. NET] session details
PRB: session data is lost when you use ASP. NET inproc session state Mode
PRB: session data is lost when you use ASP. NET inproc session state Mode
ASP. net http Runtime
Object serialization in. net
(1) Use StateServer mode
Make sure that the server running ASP. NET Status Service is the remote server that stores session status information. This service is installed with ASP. NET. Its default location is
<Drive>: \ systemroot \ Microsoft. NET \ framework \ version \ aspnet_state.exe.
In the Web. config file of the application,
Set mode = StateServer and set the stateconnectionstring attribute.
For example, stateconnectionstring = "TCPIP = Sarath: 42424 ".
(2) Use sqlserver Mode
Run installsqlstate. SQL on the computer running SQL Server (which will store the session Status)
(The default installation location is <drive>: \ systemroot \ Microsoft. NET \ framework \ version ).
This creates a database named aspstate, which has a new stored procedure and has the aspstatetempapplications table and aspstatetempsessions table in the tempdb database.
In the Web. config file of the application, set mode = sqlserver and set the sqlconnectionstring attribute. For example, sqlconnectionstring = "Data Source = localhost; Integrated Security = sspi; initial catalog = northwind ".
(3) Example
The following example specifies several session Status configuration settings.

<System. Web>
<Sessionstate mode = "inproc"
Cookieless = "true"
Timeout = "20"/>
</System. Web>
Included in: <system. Web>
Web platforms: IIS 5.0, IIS 5.1, and IIS 6.0
Configuration File: machine. config, Web. config
Configuration section handler: system. Web. sessionstate. sessionstatesectionhandler

ASP. NET Configuration | ASP. NET configuration architecture | sessionstatemodule
[Cause:] IIS6 in Windows2003 server is added to the application pool to recycle useless process functions, when the application pool automatically recycles the process due to a website program error or too many accesses to prevent the website from entering the "dead" status, at this time, the collection of the application pool will cause the session variable to be cleared, and the session variable will disappear.
To solve this problem in Windows2003, we started the ASP. Net state service on the server and made some changes in the system's machine. config. By default, the session state mode is StateServer. If the root directory of your website is configured with a web. in the config configuration file, change mode = "inproc" to mode = "StateServer". The following code prevents the loss of session variables:
Mode = "StateServer"
Stateconnectionstring = "TCPIP = 42424"
Sqlconnectionstring = "Data Source =; Integrated Security = sspi"
Cookieless = "false"
Timeout = "30"
+ Note: Only applicable to users that support

Turn (2): Reasons and Solutions
Save the session in the state Server:
1. Start the service "ASP. NET state service ",
2. Then, modify web. config:
Mode = "StateServer"
Stateconnectionstring = "TCPIP = 42424"
Sqlconnectionstring = "Data Source =; trusted_connection = yes"
Cookieless = "false"
Timeout = "140000"
Note: // mode = "StateServer" In this mode, the session will not be lost even if the page is modified!
Of course: mode = "inproc" If your mode is set to this type, the session will be lost when you modify the page !!!!!!

In webconfig, setting the session mode to sqlserver or StateServer does not cause session loss,
The former needs to be written to the database, and the latter requires the system to enable the StateServer service.

Cause 1:
Files in the bin directory are rewritten. has a mechanism. To ensure that the system runs normally after the DLL is re-compiled, it restarts a website process, which will cause session loss, therefore, if an Access database is in the bin directory or other files are rewritten by the system, session loss occurs. [The session must be lost when the directory is deleted.'s internal mechanism treats a directory a bit like a miser. It keeps a directory, and you can't create it (to add it). Once you create it, it will monitor the directory, if you want to delete or rename it (the directory that changes it), it will be restarted.]
Cause 2:
In the folder option, if the "Open folder window in a separate process" is not opened, once a new window is created, the system may consider it as a new session and cannot access the original session, therefore, you must enable this option. Otherwise, the session will be lost.
Cause 3:
It seems that most of the session loss is caused by the client, so you have to start from the client to see if the cookie has been opened.
Cause 4:
Is there a problem with the session time setting and will it be lost due to timeout.
[The default time is 20 minutes. You can set the session timeout in Web. config, for example, 60 Minutes.]
Cause 5:
The maximum number of cookies in IE (20 cookies per domain) may cause session loss.
Cause 6:
The Web garden mode and inproc mode are used to save the session
Solving lost experiences
1. Determine if it is caused by cause 1. You can track the modification time of a file in the bin every time you refresh the page.
2. for session read and write logs, each read and write session must be recorded, and the session operations of sessionid, session value, page, current function, and function must be recorded, this makes it much easier to find out the cause of the loss.
3. If this is allowed, we recommend that you use state server or SQL Server to save the session, which is not easy to lose.
4. Add the code to global. Asa to record the creation time and end time of the session. The session loss caused by timeout can be recorded in sessionend.
5. If some code uses client scripts, such as JavaScript to maintain the session status, you need to try to debug the script to check whether the session is lost due to a script error.

(3): Reasons for session loss and Solutions
Possible cause 1:
IIS6 under win2003 server is set by default. After more than 20 hours, every worker process running in the default application pool is automatically reclaimed, resulting in the loss of session stored in the process.

Because session, application, and other data are stored in the worker process that runs the web application by default, if the worker process is recycled, it will cause loss.

Modify the configuration and set it to automatically recycle the worker process from time to time. For example, set it to automatically recycle the worker process when the occupied physical memory exceeds 60%. By using the default application pool, you can ensure that multiple applications are isolated from each other, so that the crash of one application will not affect other web applications. It also allows an Independent Application to run under a specified user account privilege. If you use StateServer or SQL Server database to save the session, this setting is not affected.

Possible cause 2:
The system must run in a load balancing web environment, and the system configuration file web. the session Status in config is set to inproc (that is, the session status is stored locally), which leads to the situation where the session often times out when the user's access volume is large. This is mainly because the user accesses the web application system through the load balancing IP address, and saves the session Status of a session on a server at a certain time, however, the session Status of the session is not saved on other Web Front-end servers. As the concurrency increases, the load balancing function can be used as a route to access idle servers at any time, as a result, the idle server does not have the previously saved session status.

1. when you run ASP. net web applications must use sqlserver or StateServer session Status mode. In the project, we did not select sqlserver mode to store session status based on performance considerations, instead, select a sessionstateserver server to view the session Status of the user. We need to set the following in the System Configuration File web. config:
Mode = "StateServer" cookieless = "false" timeout = "240"
Stateconnectionstring = "TCPIP = 42424" statenetworktimeout = "14400"/>
Add another item
Validationkey = "cipher" decryptionkey = "5fc88dfc24ea123c" validation = "sha1"/>

2. we also need to start ASP on the sessionstateserver server. net State service, specific settings: Control Panel> Management Tools> services> Asp. net State service, set it to automatic start.

3. Microsoft "Internet Information Service" (IIS) settings for each front-end Web Service
To maintain the session status between different Web servers in the Web farm, Microsoft "Internet Information Service" (IIS) configures the Application Path of the web site in the database (for example, \ lm \ W3SVC \ 2) must be the same as all Web servers in the Web field. The application path must be case sensitive. On a Web server, the instance id of the Web site that hosts ASP. NET Applications may be 2 (where the application path is \ lm \ W3SVC \ 2 ). On another Web server, the instance id of the web site may be 3 (where the application path is \ lm \ W3SVC \ 3 ). Therefore, the application paths between Web servers in the Web field are different. We must make the instance IDs of the Web site the same. You can save a web configuration as a file in IIS. the IIS configuration of other web servers can come from this file. If you want to know the specific settings, visit the Microsoft support website:

Turn (4): Highlights of lost issues
Sessionstate timeout), there are three main reasons.
I. Some antivirus software will scan your web. config file. At that time, the session will definitely drop. This is Microsoft's statement.
2: The program contains code that causes session loss and insufficient server memory.
3. The program has a framework page and Cross-Domain Information.
The first solution is to shield the antivirus software from scanning the Web. config file (do not edit it when the program is running)
The second is to check whether the Code has session. Abandon () or the like.
The third is to start ASP. NET state service in the window service.
Http:// Temp =. 4426386.
You may have changed the website file during the test.

The following is the help content:
(MS-help: // Ms. vscc.2003/ms. msdnqtr.2003feb. 2052/cpguide/html/cpconsessionstate.htm)
ASP. NET provides a simple and easy-to-use session state model that allows you to store arbitrary data and objects across multiple Web requests.
It uses a dictionary-based, in-Memory Object Reference (these object references exist in the IIS Process) cache to complete this operation.
When using the in-process session Status mode, consider the following restrictions:
When the in-process session Status mode is used, if the aspnet_wp.exe or application domain restarts, the session status data will be lost. These reboots usually occur in the following situations:
(1) In the <processmodel> element of the web. config file of the application, set an attribute that causes the new process to start when the conditions are met, such as memorylimit.
(2) modify the global. asax or web. config file.
(3) change to the \ bin directory of the Web application.
(4) scan and modify the global. asax file, Web. config file, or files in the \ bin directory of the Web application with anti-virus software.
(5) If the network garden mode is enabled in the <processmodel> element of the web. config file of the application, do not use the in-process session Status mode. Otherwise, random data will be lost.
I have also met. The session or cookie on this machine is lost.
Mode = "StateServer"
Stateconnectionstring = "TCPIP = 42424"
Sqlconnectionstring = "Data Source =; trusted_connection = yes"
Cookieless = "false"
Timeout = "40"
Mode =. Local/other machines/sqlserver.
In many network architectures, each server stores session and cookie through a dedicated State server ..
I used to solve this problem by using the following methods. This does not happen now.
1. Release. Do not debug the release.
2. <sessionstate cookieless = "true" sets cookieless to true. The session is also invalid when the client disables cookies.
3. extend the session expiration time in IIS.
4. Prevent antivirus software from scanning files and web. config files in the bin folder.
I did the above. However, the session is used normally! Haha ~~ I'm lucky!
I don't want to talk about it. I don't need to use the session. I just need to use forms for authentication,
The system I used in the last two days was well handled.
I just encountered a similar problem: when using frameset, the session variable is lost.
Find a solution on Microsoft's website
I wonder if it works?

IIS ---> application connection pool ---> properties ----> [recycle] [performance] the parameters in [running status] should be changed to ^_^ as much as possible ), I don't know how to pull it. It's okay to pull all the sessions after I change it. the customer's website and the background of the online forum are also well-drawn.

(5): the session in the new window is lost when the modal window is opened.
This problem persists. In window a, use showmodaldialog () to open a new modal window B. Then, perform some business operations in window B, and print some forms based on the business operations. The result is that session loss occurs when the open () method is called in window B, prompt the user to log on again.
In the past two days, there have been no flies, and various methods have been continuously tested. If you use the showmodelessdialog () method to open the non-modal dialog box in this window, there is no problem, but you cannot directly use the open () method to achieve the desired effect. On the Internet, Google keeps searching for answers from BBS and provides the simplest applications. It is hard to find an article that mentions the valid range of the session object, but does not specifically mention the problem I encountered:
Valid window products include
1. The session object is valid only in the window where the session object is created.
2. Invalid Window opened in the session object creation window includes
1. Directly start the IE browser window
2. It is not a new link window in the session object creation window. (That is, the author calls the open () method in window B popped up in window a of Session Object creation .)
Considering that it is valid only in the window where the session object is created, the session. setattribute () method is re-used in the sub-window, so that the operation can be successful, and the result still does not work.
In the morning, I suddenly got an inspiration. Since the session is lost in the subwindow, the session variable exists in the parent window no matter how, I don't have to reset the session variable in the subwindow, but the open () method of the JavaScript function of the parent window can be called directly. No matter how you try it first, the result is true. In many cases, this is the case. If you want to be lazy, you have to solve the problem on your own.

This article from: PQ xiuxiu Network ( detailed source reference:

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.