ASP.NET MVC membership - user being logged out frequently - don't know why

StackOverflow https://stackoverflow.com/questions/16306694

Domanda

I have an ASP.NET MVC 4 web application. Running locally, it works fine, but on the web host (which uses shared hosting), the logged on user is frequently logged out by being redirected back to the home page. In most cases, the user is logged out after performing only a few actions.

The web host suggested that my application could be using up too much memory but I used a program to profile the memory usage and I confirmed that it wasn't using excessive amounts of memory - in fact the application seems to use a fraction of the allocated memory on the web host.

Here is the logon method that is used: 

    public static Boolean Login(string Username, string Password, bool persistCookie  = false)
    {

        bool success = Membership.ValidateUser(Username, Password);
        if (success)
        {
            FormsAuthentication.SetAuthCookie(Username, persistCookie);
        }
        return success;
    }

In my web host, the forms authentication timeout is set to 60 minutes, so that shouldn't be an issue, right? 

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="60" />
</authentication>

and my session state timeout value is also set to 60 minutes: 

<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="60">

Based on the answer here, I added this line also, which didn't seem to solve the issue: 

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps"></machineKey>

Any ideas to what the problem might be and what I can do to solve the problem?

È stato utile?

Soluzione

Your sessions are not timing out. The IIS is crashing. Since you are using in memory sessions, every time IIS crashes, your sessions are gone and the user gets logged out. You should check the server's event views and look into details of errors to find out what the error is.

Altri suggerimenti

I set my timeout to 2880 in the authentication timeout for web.config and I also set the sessionState before closing system.web

<sessionState timeout="1440"></sessionState>

This will keep the session active for 24 hours.

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top