How C # Sets the session expiration time

Source: Internet
Author: User
Tags server memory

1. Operating system
Step: Start--〉 Administrative Tools--〉internet Information Services (IIS) Manager--〉 Web site--〉 Default Web site--〉
Right-click Properties--〉 Home Directory--〉 configuration--〉 options--〉 Enable Session-State--〉 session timeout (set the time-out you want here, in minutes). Ok.
2, ASP. NET application, setting the session Expiration time
In Web applications such as ASP. Session is a common means of saving user state, but because the server memory space is limited, the session expiration time setting is necessary.
In ASP. How to set the session expiration time, very simple, modify the Web. config configuration.
The specific modification method is as follows and is configured in Web. config as follows
<system.web>
<sessionstate mode= "InProc" timeout= "/>"
</system.web>
This refers to the session expiration time of 30 minutes. That means after 30 minutes, if the current user does not operate, then the session will automatically expire.
3, in the call Session of the CS page, the Load event is written in the following session.timeout = 30;
4. Store session in ASP.
<sessionstate cookieless= "false" timeout= "480" mode= "StateServer"
Stateconnectionstring= "tcpip=127.0.0.1:42424"
sqlconnectionstring= "Data source=127.0.0.1;user id=sa;password="/> Look, look at your program is the use of what kind of settings, the time to change to the time you need.


Asp. The session in net
If the user closes the value of cookie,session, it can be saved as well.
Config.web file for some preparation, as it finds the settings text about the session, such as:
< sessionstate cookieless= "false"/>
Change the cookieless= "false" to cookieless= "true", then the session will not be stored in the cookie, but stored in the URL.
Session can also be maintained on another host: change localhost to the host you want
<sessionstate inproc= "false" server= "localhost" port= "42424"/>


***************************
First explain the situation: the company to do monitoring system, b/s structure, mainly used in LAN internal! Monitoring system boot may be open for a long time, the administrator's ID and permissions are written in the session--
I think the reason for not using cookies may be that cookies are not very safe, there is a LAN, just a few machines to access the server, the session is not a few, so even if you always keep the session
Will not be too resource-intensive, at least the server can afford to afford.
How to keep the session: Some people say set session.timeout=-1, or less than 0 of the number. This method is certainly not possible, the session calculation time in minutes, must be greater than or equal to 1 integer.
Others say set up session.timeout=99999. This is also not possible, the session has the maximum time limit. I have been tested and found that the maximum value is 24 hours, which means you can session.timeout=1440 the maximum.
1441 can not have, hehe. I test environment: win2003+iis6.0+asp3.0.
Therefore, it is impossible to make the session never expire by setting the Session.Timeout expiration time. It is a good way to write cookies, and there are many such tutorials on the internet, so don't say it anymore!
There is also the use of the page to keep the session to set the hidden iframe every once in a while (this time is less than session.timeout time) to rinse a new frame empty page! The implementation method is as follows:
In order to keep the session page add:
< iframe width=0 height=0 src= "sessionkeeper.asp" >
</iframe>
Build the sessionkeeper.asp file in the same directory.
< html>
< head>
< meta http-equiv= "Refresh" content= "300;url=sessionkeeper.asp" >
<!--refresh yourself every 300 seconds, to communicate with the server, keep session not lost---
This approach is still relatively long, and there is a similar approach to the above, but he is not using meta to automatically rinse new nested IFRAME methods.
He is using Javascript:window.setTimeout ("functionname ()", 10000); The method of automatically invoking a function in the interval of time, of course, the function is to connect an empty file.
Here's how:
In order to keep the session in the side add:
<script Id=back language=javascript></script>
<script language=javascript>
function Keepsession () {
document.all["Back"].src= "sessionkeeper.asp? Randstr= "+math.random ();
The randstr=math.random here is just to keep the value of each back.src different, preventing the same address refresh from being invalid
Window.settimeout ("Keepsession ()", 900); Call itself every 900 seconds
}
Keepsession ();
</script>
So the same directory to build an empty content of the sessionkeeper.asp file on it!
The problem is not resolved: Through the above method session should be no problem, IIS default no request cleanup session value is 20 minutes, I set the time for each interaction service is much less than this value,
But I probably spent a day more time, the session or for no reason! Depressed.
Later on the online multi-find finally found the answer: the original IIS in order to protect the server, there is a "recycling" concept! Test a half-day finally have a little general understanding (do not laugh at my vegetables ^-^).
Let's take a look at where this "recycling" is set up.
Start the Recycle tab, right--properties, Application pools, IIS Manager, one of which is the default, which is the first item: the Recycle worker process (minutes) default value is 1740 minutes, approximately 29 hours.
What does he mean by that? I personally understand: after the session.timeout 1740 minutes after the automatic removal of all the remaining session.
This value can be set to a maximum of 4000000, about more than 2,700 days! I canceled it without his automatic recovery! The problem is finally solved.
In addition, there are several other items in this property dialog box: The second item should be that the connected user exceeds a certain number of recoveries. The third item is automatically reclaimed at a certain time.
In the Performance tab, close worker process after idle this time period, this is where IIS default Session.Timeout time is set. The default value is 20 minutes,
Here the same maximum value can be set to 4000000, and the maximum value for setting session.timeout in an ASP page is 1440 different. Setting a value greater than 1440 here does not work, I did not test it,
I think it should be possible. So why is the value of session.timeout in an ASP page can be as large as 1440 in IIS properties?
Should belong to a protection mechanism: ASP page session.timeout value which user can be set, IIS only administrator can be set, the permissions of the two are different, so the scope of the setting is different.


************
in ASP. Session storage mode is not as simple as ASP, altogether provides three kinds of storage, due to the recent failure of a more than 2000 people using the Web software, the user every morning at a time of difficulty landing phenomenon, and then the session lost value appears, only restart IIS, or machine. The program is back to normal. The same problem will not occur all day, but the next day is still! This phenomenon lasted for several days, I checked the log file, the peak per second visits about 20 people, and about 100 people online, the number of visits will increase, in order to solve this strange problem, Start with the software, so three ways are applied.


Open the Web. config file


< sessionstate
Mode= "InProc"
Stateconnectionstring= "tcpip=127.0.0.1:42424"
sqlconnectionstring= "Data source=127.0.0.1; Trusted_connection=yes "
Cookieless= "false"
Timeout= "20"
/>
The default mode is the InProc type, which, like the previous ASP mode, is where the server stores session information in the IIS process, and when IIS shuts down and restarts, the process information is lost.
But the performance of this model is the highest (not exactly measured, read the book), this mode is the default way of ASP.
Due to the failure of this mode, my consideration was that the Inetinfo.exe process crashed due to excessive traffic. The user is unable to log in so that the session lost value fails,
I used another session to store the session information outside the process.
First, open the Administration tool to locate the service, find the service named "ASP. NET State Service, start it." and change it to auto-start. In the Task Manager, you can see a
A process named Aspnet_state.exe. This is the process by which we save the session information.
Then, go back to the Web. config file and change the value of mode to StateServer and save the file. Ok.
< sessionstate
Mode= "StateServer"
Stateconnectionstring= "tcpip=127.0.0.1:42424"
sqlconnectionstring= "Data source=192.10.78.76; User Id=sa;password=sa "
Cookieless= "false"
Timeout= "20"
/>
This mode when we restart IIS, the saved session value is not lost. This also allows you to keep the information in the process of other machines, but also to change
Stateconnectionstring= "tcpip=127.0.0.1:42424", the IP address is changed to another machine.
Other measures have also been taken. For example, separate the database from the Web server, the database server does not provide the Web service, the Web server does not provide the database service,
The connection pool is then enlarged, because the number of default connection pools in ASP. NET data access is 100, and then I expand to 6000 by the way.
"Server= (local);D Atabase=rgs;password=sa;user Id=sa; Max Pool Size = 6000; Min Pool Size = 5; Pooling=true "
Finally, the machine.config in the processmodel in the memorylimit to 95, the default is 60, indicating that the memory consumption of more than 60% after the IIS process will automatically restart. And then write some other ways to optimize IIS, increase the registry's IIS cache, and so on.
When I finished these optimization steps, the whole software run relatively well, the next day did not find the phenomenon of blockage, but the third day the situation appeared again, there is no way, I took the last one of the session storage methods in ASP. Store the session in SQL Server, and I think the stability should be stronger.
To use SQL Server, first run InstallSqlState.sql or installpersistsqlstate.sql on the computer of the session state of SQL Server (the default location: systemroot\ Microsoft.net\framework\versionnumber below) Two scripts create a database named ASPState. The difference between the two scripts is the placement of the aspstatetempapplication and aspstagetempsessions tables. The InstallSqlState.sql script adds these tables to the tempdb database, which loses data when the computer restarts, and the InstallPersistSqlState.sql script adds these tables to the ASPState database. The session data is preserved when the database is restarted.
Then in the application's Web. config file, set the Mode property of the < sessionstate> element to SQL Server, and finally set the sqlConnectionString property to integrated Security =sspi;data Source=servername;
< sessionstate mode= "SQL Server"
sqlconnectionstring= "Integrated security=sspi;data source=dataserver;"
Cookieless= "false"
Timeout= "/>"
</sessionstate>
If the deployment can be changed to a different machine, plus a user name and password
< sessionstate
mode= "SQL Server"
Stateconnectionstring= "tcpip=127.0.0.1:42424"
sqlconnectionstring= "Data source=192.10.78.76; User Id=sa;password=sa "
Cookieless= "false"
Timeout= "20"
/>
This deployment is complete, if you do not want to use this can be deleted, as long as the corresponding directory (systemroot\microsoft.net\framework\versionnumber) found
UninstallPersistSqlState.sql or UninstallSqlState.sql files can be run. This introduces the session storage mode in ASP.
The last thing to note is that when you use the session to convert an object, regardless of whether you use StateServer or SQL Server mode, notice that the object is serialized first, which is preceded by the class
Serializable, or there will be an error! Downloaded from: http://blog.csdn.net/stwuyiyu/article/details/8866110

How C # Sets the session expiration time

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.