I’ve been dealing with the realm of an ASP .Net application recently, and one of the requirements was that the session state should last for up to 60 minutes, which sounded straight forward enough, just whack the following in web.config:
Which works fine in theory, however after leaving the site idle for 20 minutes, the session state suddenly goes away.
After much hair pulling, I finally stumbled accross the Idle Process setting in IIS under the Application Pool configured for the website.
By default this is set to 20 minutes, and as the default Session State is in-process, it gets wiped when the worker process is recycled. On a deployed website this probably wouldn’t be an issue as regular requests will keep the process alive, however in a single user testing environment this can obviously cause a problem when trying to test a session timeout greater than 20 minutes.
So there are two solutions to this:
1) Increase the Idle Process timeout setting
2) Use an out of process Session State (StateServer or SQLServer)
The second option simply requires that anything stored in the state be serialisable, and that you enable the ASP .Net StateServer process, although there is a slight cost as the objects have to be serialised and deserialised for each request.
For now I’ve simply increased the Idle Process timeout setting, however it’s definately worth looking at using an out of process Session State as the Worker Process will still be restarted occasionally (Although also configurable) to ensure the health of the web server.
Not sure I totally agree with the approach of reliability through restarts, but I guess it’s at least somewhat foolproof.