I lost the Session variables in asp.net MVC

Question

I lost the Session variables in asp.net MVC

Navigation

#1 by (2 votes)

0

After having started the session, all the session variables are suddenly deleted. For example, I agree:

[HttpPost]
    public ActionResult Login(MembersViewModels user)
    {

        if (ModelState.IsValid)
        {
            if (Isvalid(user.email, user.password))
            {
                Session["usuario"] = "nombre_usuario";
                Session["tipo_usuario"] = "administrador";
                FormsAuthentication.SetAuthCookie(user.email, false);
                return RedirectToAction("Index", "Usuario");
            }
            else
            {
                ViewData["MensajeErrorAcceso"] = "Error: su email o contraseña es incorrecta";
                //ModelState.AddModelError("", "Login data is incorrect!");
            }
        }
        return View(user);
    }

these variables Session ["user"], Session ["user_type"] are erased.

There is some way to keep the session variable, or prevent it from being lost or at least give the user more time.

I've tried this on the webconfig of the project:

<sessionState mode="InProc" cookieless="true" regenerateExpiredSessionId="true" timeout="20" />

but it adds an encrypted code to the url that prevents me from accessing, even though I am with the correct credentials.

In any case, in MVC, you have two webconfing, one that is in the view, and another in the project. If I had to modify something in the webconfig, what would it be?

c# asp.net-mvc asp.net-mvc-5

asked by Danilo 11.09.2016 в 18:20

source

1 answer

NullReferenceException when passing parameter value by method get from JavaScript function Query to show user data and show quantity

score 2 · Accepted Answer

There are several things that can cause the session to mysteriously disappear.

The waiting time for the session has expired. SessionTimeout

You have updated your web.config or another type of file that causes your AppDomain (the application domain) to be recycled.

The AppPool in IIS has been recycled.

You have updated your site with a large number of files, and ASP.NET has proactively destroyed the AppDomain to recompile and preserve memory.

To configure the expiration time of the session, you can use the web.config. Remember that the expiration is specified in minutes.

<system.web>
 <sessionState mode="InProc" cookieless="false" timeout="80" />
</system.web>

If you are using IIS 7 or 7.5, here are some things you can look for:

By default, IIS requires that the AppPools be turned off after a period of inactivity.
By default, IIS states that AppPools are recycled every 1740 minutes (obviously depending on the root configuration, otherwise the default value is taken).
In IIS, check out the "Advanced Settings" of your AppPool. There is a property called "Idle Timeout" or Idle Time-out . Set the value to zero or to a number greater than the default value (20).
In IIS, check the "recycling" settings of the AppPool. Here you can activate or deactivate the AppPool to be recycled.

If you are updating the files in your web application, you should be aware that all sessions will be lost. However, you may not be aware that this may happen several times. If you update 15 or more files (aspx, dll, etc), there is a good chance that you will have several restarts over a period of time, since these pages are recompiled as users access the site. Reference * link * link

In that case, you must adjust the number of compilations before a reboot ( numCompilesBeforeAppRestart ) to a higher number (or manually restart the AppPool).

Additionally, you can handle the Application_SessionStart and Application_SessionEnd events to be notified when a session is created or terminated.

        protected void Application_Start()
        {
            System.Diagnostics.Debug.WriteLine("Application_started");  //write console
            AreaRegistration.RegisterAllAreas();

            RegisterRoutes(RouteTable.Routes);

        }

        protected void Session_End(object sender, EventArgs e)
        {
            System.Diagnostics.Debug.WriteLine("Session_End"); //write console
        }

        protected void Session_Start(object sender, EventArgs e)
        {
            System.Diagnostics.Debug.WriteLine("Session_Start"); //write console
        }

        protected void Application_End()
        {
            System.Diagnostics.Debug.WriteLine("Application_ended"); //write console
        }

On the other hand, the HttpSessionState class also has a IsNewSession property that can be checked in any request ( request ) to determine if it is You have created a new session for the active user.

public ActionResult OtraAccion()
{

    if (Session.IsNewSession)
    {                    
            FormsAuthentication.SignOut(); //just in case not done yet
            Session.Abandon();
            return RedirectoToAction("Timeout");
    }
    return View(user);
}

Finally, if possible in your scenario, use a session mode external (Out of proc) as SQL Server or a state server (State Server). link