Losing Session State with ASP.NET/SQL Server

Asked 11/5, 2012 at 16:12 Answered 14/5, 2012 at 12:59

Solved asp.net asp.net-mvc machinekey sql-session-state

I have a ASP.NET MVC workflow configured as two websites managed by a load balancer. The websites use Sql Server as the session state provider and have authentication switch off (its not required).

Now, sporadically I appear to be losing session state, and I believe this is because the request is being handled by the alternative server, so essentially the user is jumping from server to server, depending how the load balancer sees fit. I am not always "losing session state" at the same stage in the workflow, so I believe it is something related to the web farm configuration + sql server session state.

Both applications use the same machine key to encrypt and decrypt session state stored in sql server.

The configuration on both servers is as follows:

<authentication mode="None" />
<sessionState mode="SQLServer" sqlConnectionString="{connection-string}" />
<machineKey decryptionKey="777CB456774AF02F7F1AC8570FAF31545B156354D9E2DAAD" 
            validationKey="89B5B536D5D17B8FE6A53CBB3CA8B8695289BA3DF0B1370BC47D362D375CF91525DDB5307D8A288230DCD4B3931D23AED4E223955C45CFF2AF66BCC422EC7ECD" />

I've confirmed that this is identical on both servers, is there something I am missing?

This does not occur in my development environment when I am using a single server.

I fear I am suffering from the Friday blues, and no doubt will figure out the answer next week, sadly I don't want to wait!

Any ideas?

Wightman answered 11/5, 2012 at 16:12 Comment(2)

I did, session timeout is set to 20 minutes, and this seems to occur moving from page to page, not really spending much time on the pages at all. – Wightman 11/5, 2012 at 17:4

I ran into a similar but different issue. Wanted to add this here in case someone else has the issue and also ends up here. In the end I had to change the machineKey to specify the decryption and validation methods rather than rely on the defaults. So, when I generated the machineKey in IIS, I selected decryption 3DES and validation of HMASCHA256. The resulting configuration of <machineKey decryption="3DES" decruyptionKey="..." validation="HMASCHA256" validationKey="..." compatibilityMode="Framework20SP1" worked great. – Hydrometallurgy 9/12, 2016 at 21:15

Found the issue.

When you create applications that you expect to share session state using Sql Server, they need the same ID configured in IIS. This is because the session ID that is generated is generated based on the application ID. (Internally the application ID is something like LM/W3SVC/1

The two servers had different IDs for each application in IIS. The resolution is to change the ID under `Manage Website -> Advanced Settings' on each server.

enter image description here

Wightman answered 14/5, 2012 at 12:59 Comment(3)

I have the same problem.I also change the appID, the machineKey,But still losing session. – Carton 14/9, 2015 at 4:9

@AlexNguyen did you tried the same appID and machinekey ? – Mazurek 14/10, 2016 at 22:16

Why they need the same ID configured in IIS ? Why isn't that obvious in the documentation? Any full documentation in MSDN ? – Mazurek 14/10, 2016 at 22:18

Using IIS Manager, double-check your machine key settings at both the root and website levels.

enter image description here

Review the IsolateApps modifier on the machine key element - http://msdn.microsoft.com/en-us/library/w8h3skw9%28v=vs.100%29.aspx
Did you recently upgrade from 3.5 to 4.0?
Last resort - recycle the appPools on both machines, and restart IIS.

Following answered 11/5, 2012 at 17:22 Comment(0)

Sessions have (web) application scope. See if this MS KB helps.

In addition to matching machine keys, you also have to match the IIS configuration for sites (so it's the "same application" (application path) in IIS.

Matted answered 11/5, 2012 at 18:14 Comment(0)

Recommended topics

Hot tags