ASP.NET MVC membership - user being logged out frequently - don't know why

Asked 30/4, 2013 at 18:33 Answered 21/8, 2016 at 4:9

Solved asp.net-mvc asp.net-mvc-4 asp.net-membership membership-provider shared-hosting

I have an ASP.NET MVC 4 web application. Running locally, it works fine, but on the web host (which uses shared hosting), the logged on user is frequently logged out by being redirected back to the home page. In most cases, the user is logged out after performing only a few actions.

The web host suggested that my application could be using up too much memory but I used a program to profile the memory usage and I confirmed that it wasn't using excessive amounts of memory - in fact the application seems to use a fraction of the allocated memory on the web host.

Here is the logon method that is used:

    public static Boolean Login(string Username, string Password, bool persistCookie  = false)
    {

        bool success = Membership.ValidateUser(Username, Password);
        if (success)
        {
            FormsAuthentication.SetAuthCookie(Username, persistCookie);
        }
        return success;
    }

In my web host, the forms authentication timeout is set to 60 minutes, so that shouldn't be an issue, right?

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="60" />
</authentication>

and my session state timeout value is also set to 60 minutes:

<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="60">

Based on the answer here, I added this line also, which didn't seem to solve the issue:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps"></machineKey>

Any ideas to what the problem might be and what I can do to solve the problem?

Theaterintheround answered 30/4, 2013 at 18:33 Comment(0)

Your sessions are not timing out. The IIS is crashing. Since you are using in memory sessions, every time IIS crashes, your sessions are gone and the user gets logged out. You should check the server's event views and look into details of errors to find out what the error is.

Verisimilar answered 21/8, 2016 at 4:9 Comment(0)

I set my timeout to 2880 in the authentication timeout for web.config and I also set the sessionState before closing system.web

<sessionState timeout="1440"></sessionState>

This will keep the session active for 24 hours.

Garbage answered 30/4, 2013 at 20:2 Comment(5)

I have both set to 60 currently, which I understand is 60 minutes, which should be more than enough time. I increased the timeout value to a larger number to see if that would make any difference... but it doesn't. – Theaterintheround 30/4, 2013 at 20:23

How long is it before it times out, or does it appear to be coming from a specific page or controller? – Garbage 30/4, 2013 at 20:42

I'd say it the user session remains valid for no longer than 1 or 2 minutes... sometimes more, sometimes less. It doesn't seem to matter which controller is being invoked. – Theaterintheround 30/4, 2013 at 21:31

How does this differ from the timeout attribute on the forms tag (sub-tag of authentication in system.web?) – Perhaps 14/5, 2013 at 21:3

#1471277 – Garbage 14/5, 2013 at 21:16

Recommended topics

Hot tags