lost session

We have an iiS 6.0 server and a classic ASP application but randomly some
users lost sessions and have to logon to the server again.
I have disabled any option of recycling app pools, I have session timeout
set to 60 minutes and I have Web Garden set to 1. However there are users
(not always the same, and not always doing the same things) that lost
sessions variables in a few minutes.

I've bben working on this issue for two weeks but I haven`t found any
solution yet.

Does anyone have any idea of what could be happening or where can I find any
information that could help me?

Re: lost session

"Juan Bautista" wrote in message
news:4FBC6AEC-9758-4796-B31E-C203ECE3ABEE@microsoft.com...
> We have an iiS 6.0 server and a classic ASP application but randomly some
> users lost sessions and have to logon to the server again.
> I have disabled any option of recycling app pools, I have session timeout
> set to 60 minutes and I have Web Garden set to 1. However there are users
> (not always the same, and not always doing the same things) that lost
> sessions variables in a few minutes.
>
> I've bben working on this issue for two weeks but I haven`t found any
> solution yet.
>
> Does anyone have any idea of what could be happening or where can I find
any
> information that could help me?

Anything in the event logs that might give you a clue?

Is it possible clients opened new windows on to a new instance of the
browser they were using? Or took other actions that may have resulted in
the loss of the session cookie?

Does the web server run anti-virus software?

--
Anthony Jones - MVP ASP/ASP.NET

Re: lost session

"Anthony Jones" wrote:

> "Juan Bautista" wrote in message
> news:4FBC6AEC-9758-4796-B31E-C203ECE3ABEE@microsoft.com...
> > We have an iiS 6.0 server and a classic ASP application but randomly some
> > users lost sessions and have to logon to the server again.
> > I have disabled any option of recycling app pools, I have session timeout
> > set to 60 minutes and I have Web Garden set to 1. However there are users
> > (not always the same, and not always doing the same things) that lost
> > sessions variables in a few minutes.
> >
> > I've bben working on this issue for two weeks but I haven`t found any
> > solution yet.
> >
> > Does anyone have any idea of what could be happening or where can I find
> any
> > information that could help me?
>
> Anything in the event logs that might give you a clue?
>
> Is it possible clients opened new windows on to a new instance of the
> browser they were using? Or took other actions that may have resulted in
> the loss of the session cookie?
>
> Does the web server run anti-virus software?
>
> --
> Anthony Jones - MVP ASP/ASP.NET
>
>
>
In the event log everyting seems to be ok. I have logged the cookie in the
iis logs and I have written an asp than gives me the sessionID in the server
in order to compare both values but the cookie sent by client that iis logs
is encrypted so we can´t compare it.

I don´t think that may be a problem with the browser because sometimes it
has happend to users with only one window opened, they log on and after one
or two minutes receive the session cancelled message. Then they try again and
everytihng works fine.

I'm really lost with this problem, and my users begin to be very irritate.

Re: lost session

"Juan Bautista" wrote in message
news:29F5D0BB-84F4-422A-9A7A-811FB1F1444E@microsoft.com...
>
>
> "Anthony Jones" wrote:
>
> > "Juan Bautista" wrote in
message
> > news:4FBC6AEC-9758-4796-B31E-C203ECE3ABEE@microsoft.com...
> > > We have an iiS 6.0 server and a classic ASP application but randomly
some
> > > users lost sessions and have to logon to the server again.
> > > I have disabled any option of recycling app pools, I have session
timeout
> > > set to 60 minutes and I have Web Garden set to 1. However there are
users
> > > (not always the same, and not always doing the same things) that lost
> > > sessions variables in a few minutes.
> > >
> > > I've bben working on this issue for two weeks but I haven`t found any
> > > solution yet.
> > >
> > > Does anyone have any idea of what could be happening or where can I
find
> > any
> > > information that could help me?
> >
> > Anything in the event logs that might give you a clue?
> >
> > Is it possible clients opened new windows on to a new instance of the
> > browser they were using? Or took other actions that may have resulted
in
> > the loss of the session cookie?
> >
> > Does the web server run anti-virus software?
> >
> > --
> > Anthony Jones - MVP ASP/ASP.NET
> >
> >
> >
> In the event log everyting seems to be ok. I have logged the cookie in the
> iis logs and I have written an asp than gives me the sessionID in the
server
> in order to compare both values but the cookie sent by client that iis
logs
> is encrypted so we can´t compare it.
>
> I don´t think that may be a problem with the browser because sometimes it
> has happend to users with only one window opened, they log on and after
one
> or two minutes receive the session cancelled message. Then they try again
and
> everytihng works fine.
>
> I'm really lost with this problem, and my users begin to be very irritate.

I'm not sure what a 'session cancelled message' is?

It does sound like the app pool is recycling or some other reset that
requires a new process to be spun up.

Another possible cause is code somewhere is calling Session.abandon.

Another possibility, how does code in ASP pages detect that the session has
been reset? (Typically a UserID in the session object not being set).
Could code be accidentally destroying that value?


--
Anthony Jones - MVP ASP/ASP.NET

Re: lost session

"Anthony Jones" wrote:

> "Juan Bautista" wrote in message
> news:29F5D0BB-84F4-422A-9A7A-811FB1F1444E@microsoft.com...
> >
> >
> > "Anthony Jones" wrote:
> >
> > > "Juan Bautista" wrote in
> message
> > > news:4FBC6AEC-9758-4796-B31E-C203ECE3ABEE@microsoft.com...
> > > > We have an iiS 6.0 server and a classic ASP application but randomly
> some
> > > > users lost sessions and have to logon to the server again.
> > > > I have disabled any option of recycling app pools, I have session
> timeout
> > > > set to 60 minutes and I have Web Garden set to 1. However there are
> users
> > > > (not always the same, and not always doing the same things) that lost
> > > > sessions variables in a few minutes.
> > > >
> > > > I've bben working on this issue for two weeks but I haven`t found any
> > > > solution yet.
> > > >
> > > > Does anyone have any idea of what could be happening or where can I
> find
> > > any
> > > > information that could help me?
> > >
> > > Anything in the event logs that might give you a clue?
> > >
> > > Is it possible clients opened new windows on to a new instance of the
> > > browser they were using? Or took other actions that may have resulted
> in
> > > the loss of the session cookie?
> > >
> > > Does the web server run anti-virus software?
> > >
> > > --
> > > Anthony Jones - MVP ASP/ASP.NET
> > >
> > >
> > >
> > In the event log everyting seems to be ok. I have logged the cookie in the
> > iis logs and I have written an asp than gives me the sessionID in the
> server
> > in order to compare both values but the cookie sent by client that iis
> logs
> > is encrypted so we can´t compare it.
> >
> > I don´t think that may be a problem with the browser because sometimes it
> > has happend to users with only one window opened, they log on and after
> one
> > or two minutes receive the session cancelled message. Then they try again
> and
> > everytihng works fine.
> >
> > I'm really lost with this problem, and my users begin to be very irritate.
>
> I'm not sure what a 'session cancelled message' is?
>
> It does sound like the app pool is recycling or some other reset that
> requires a new process to be spun up.
>
> Another possible cause is code somewhere is calling Session.abandon.
>
> Another possibility, how does code in ASP pages detect that the session has
> been reset? (Typically a UserID in the session object not being set).
> Could code be accidentally destroying that value?
>
>
> --
> Anthony Jones - MVP ASP/ASP.NET
>
>
>Thanks for your response Anthony

I've disabled every option concerning app pool recycliing in IIS, so this
is not the problem.

As you say we check for a "" value in the UserID to see is the varibles are
still on. Perhaps it could be a problem with the code but then, why does it
happen in a random way and in differents asp pages? If it was a problem of
code it always happen in the same place or doing the same things isn't it? or
I'm wrong.

Regards.

Re: lost session

"Juan Bautista" wrote:

>
>
> "Anthony Jones" wrote:
>
> > "Juan Bautista" wrote in message
> > news:29F5D0BB-84F4-422A-9A7A-811FB1F1444E@microsoft.com...
> > >
> > >
> > > "Anthony Jones" wrote:
> > >
> > > > "Juan Bautista" wrote in
> > message
> > > > news:4FBC6AEC-9758-4796-B31E-C203ECE3ABEE@microsoft.com...
> > > > > We have an iiS 6.0 server and a classic ASP application but randomly
> > some
> > > > > users lost sessions and have to logon to the server again.
> > > > > I have disabled any option of recycling app pools, I have session
> > timeout
> > > > > set to 60 minutes and I have Web Garden set to 1. However there are
> > users
> > > > > (not always the same, and not always doing the same things) that lost
> > > > > sessions variables in a few minutes.
> > > > >
> > > > > I've bben working on this issue for two weeks but I haven`t found any
> > > > > solution yet.
> > > > >
> > > > > Does anyone have any idea of what could be happening or where can I
> > find
> > > > any
> > > > > information that could help me?
> > > >
> > > > Anything in the event logs that might give you a clue?
> > > >
> > > > Is it possible clients opened new windows on to a new instance of the
> > > > browser they were using? Or took other actions that may have resulted
> > in
> > > > the loss of the session cookie?
> > > >
> > > > Does the web server run anti-virus software?
> > > >
> > > > --
> > > > Anthony Jones - MVP ASP/ASP.NET
> > > >
> > > >
> > > >
> > > In the event log everyting seems to be ok. I have logged the cookie in the
> > > iis logs and I have written an asp than gives me the sessionID in the
> > server
> > > in order to compare both values but the cookie sent by client that iis
> > logs
> > > is encrypted so we can´t compare it.
> > >
> > > I don´t think that may be a problem with the browser because sometimes it
> > > has happend to users with only one window opened, they log on and after
> > one
> > > or two minutes receive the session cancelled message. Then they try again
> > and
> > > everytihng works fine.
> > >
> > > I'm really lost with this problem, and my users begin to be very irritate.
> >
> > I'm not sure what a 'session cancelled message' is?
> >
> > It does sound like the app pool is recycling or some other reset that
> > requires a new process to be spun up.
> >
> > Another possible cause is code somewhere is calling Session.abandon.
> >
> > Another possibility, how does code in ASP pages detect that the session has
> > been reset? (Typically a UserID in the session object not being set).
> > Could code be accidentally destroying that value?
> >
> >
> > --
> > Anthony Jones - MVP ASP/ASP.NET
> >
> >
> >Thanks for your response Anthony
>
> I've disabled every option concerning app pool recycliing in IIS, so this
> is not the problem.
>
> As you say we check for a "" value in the UserID to see is the varibles are
> still on. Perhaps it could be a problem with the code but then, why does it
> happen in a random way and in differents asp pages? If it was a problem of
> code it always happen in the same place or doing the same things isn't it? or
> I'm wrong.
>
> Regards.
>

I'm getting this problem sporadically on three unrelated apps on three
different servers (all hosted by different companies). We only received
reports of it happening last week.

The symptom I am seeing is the server will occasionally send back a new
session ID cookie. Subsequently, the browser will continue to send back
several session cookies and the server will randomly choose between the
sessions.

I am currently in discussions with the hosting providers to find common
factors. In particular looking into the app pool worker process numbers to
make sure they're all at 1 process.

The fact that the sessions that apprently get 'replaced' get dug up again on
subsequent requests indicates they aren't being totally recycled.