Set the session expiration time

Session Persistence: Some people say that session. Timeout =-1 is set, or the number is smaller than 0. This method is definitely not feasible. The session computing time is measured in minutes and must be an integer greater than or equal to 1. Some people say that session. Timeout is set to 99999. This is also not possible, and the session has the maximum time limit. After testing, I found that the maximum value is 24 hours. That is to say, you can set the maximum value of session. Timeout = 1440,1441. My testing environment: win2003 + iis6.0 + asp3.0.

<Sessionstate mode = "StateServer" stateconnectionstring = "TCPIP = 127.0.0.1: 42424" sqlconnectionstring = "Data Source = 127.0.0.1; trusted_connection = yes "cookieless =" false "timeout =" 60 "> </sessionstate>

Therefore, it is impossible to set the expiration time of session. timeout to never expire the session. Writing cookies is a good method. There are also many such tutorials on the Internet. I will not talk about them here! In addition, it is used to set the hidden IFRAME in the page to keep the session (this time is less than the time of session. Timeout) to refresh the blank page in the new frame! The implementation method is as follows:

Add <IFRAME width = 0 Height = 0 src = "/blog/sessionkeeper. asp">
</Iframe>

Create the sessionkeeper. asp file in the same directory. <HTML>
<Head>
<Meta http-equiv = "refresh" content = "900000; url = sessionkeeper. asp">
<! -- Refresh yourself every 900 seconds. In order to communicate with the server, the session will not be lost. -->
</Head>
</Html>

This method is still quite straightforward. There is also a similar method as above, but it is not a method that uses Meta to automatically commit new nested IFRAME. He uses javassscript: window. setTimeout ("functionname ()", 10000); the method for automatically calling a function at the interval of time. Of course, the function still needs to connect to an empty file. The specific method is as follows:

Add <SCRIPT id = back Language = JavaScript> </SCRIPT>

<Script language = JavaScript>
Function keepsession (){
Document. All ["back"]. src = "/blog/sessionkeeper. asp? Randstr = "+ math. Random ();
// Here randstr = math. Random is only used to make the values of back. SRC different each time, so as to prevent invalid refresh of the same address.
Window. setTimeout ("keepsession ()", 900000); // call itself every 900 seconds
}
Keepsession ();
</SCRIPT>

In this way, you can create a sessionkeeper. asp file with empty content in the same directory!

The problem persists: the above method should be fine for session persistence. By default, the value of session clearing without request in IIS is 20 minutes, the time I set for each interaction service is much smaller than this value. However, after more than one day, the session is lost for no reason! Depressed.

Later, I finally found the answer on the Internet: in order to protect the server, IIS had a concept of "Recycling! After testing for half a day, I finally got a general understanding (don't laugh at me ^-^ ). First, let's see where this "recycle" is set.

Start IIS Manager-> ApplicationProgramPool-> right-click-> properties-> recycle tab. One of the items takes effect by default, that is, the first item: "recycle Worker Process (minutes)". The default value is 1740 minutes, about 29 hours. What does he mean? I personally understand: After session. Timeout, all the remaining sessions will be automatically cleared in 1740 minutes. This value can be set to 4000000 at most, which is more than 2700 days! I canceled it directly. I don't need it to be recycled automatically! The problem is finally solved.

In addition, this property dialog box contains the following items:

The second option should be that the number of connected users exceeds a certain amount for recovery.

The third item is automatic recovery at a certain time.

On the "performance" tab, "Disable working processes after idle for this period". This is where the default session. Timeout time of IIS is set. The default value is 20 minutes. The maximum value can be set to 4000000, which is different from the maximum value of session. Timeout on the ASP page. Here, I want to set whether a value greater than 1440 works. I didn't test it. I think it should work. So why is the maximum value of session. Timeout on the ASP page only 1440 that can be set in the IIS attribute? It should belong to a protection mechanism: ASP page session. the timeout value can be set by any user, but only the administrator can set it in IIS. the permissions of the two are different, so the Set range is different.