Wednesday, June 25, 2008

Solution: Session Timeout not working on Production Server in ASP.Net

Problem:

You may faced the session timeout problem on production web server after deployed the ASP.Net Web Application. Even after you have changed the Web.Config setting like

<sessionState mode="InProc" cookieless="false" timeout="300"/>


Session will get lost after default session timeout duration (20 Minutes).

You may also have tried to change the default session timeout value in IIS (Internet Information Server).

In all the above cases, session timeout value is lost after 20 Minutes (default session timeout value).


Solution:


Here is the solution to maintain the session for long period (above 20 minutes) on Production Web Server. To maintain the session, we have to refresh the website atleast before 20 minutes (e.g every 10 minutes). To refresh the website, here is the tricky solution.

ASP.Net 2.0 Web Project:

Instead of refreshing each ASPX page, we can achieve this with single webform.
Add a new webform (RefreshASPXToKeepSessionAlive.aspx) in the web project. Add the metatag information within HEADER of this web page.
E.g.

<head runat="server" >
<meta http-equiv="refresh" content="600" />
<title>Poll this page from master page to keep session alive</title>
<head>

The above META tag information says refresh the page for every 600 seconds (10 Minutes).

Master Page:

You have to call the above created page from MASTER PAGE. you can call this without affecting other web forms master design, use the hidden iframe logic like.



You have to use above iframe HTML tag outside the content placeholder.

The above technique refresh the RefreshASPXToKeepSessionAlive.aspx page from master page for every 20 Minutes. So, website will maintain the session for long period (greater than 20 Minutes) without losing.

if you got any problem on using the IFRAME tricks, add the iframe tag dynamically in HTML view instead of adding that in design time.

E.g.

<%
if (Session["IsUserLogged"] != null && ((bool)Session["IsUserLogged"]) == true)
{
Response.Write("<iframe src ='RefreshASPXToKeepSessionAlive.aspx' style ='display:none'></iframe>");
}
%>