ASP.NET session overlapping issue

Ivan Luevano Guerrero 21 Reputation points
2022-06-22T23:08:32.173+00:00

I have a similar situation to this: https://social.msdn.microsoft.com/Forums/en-US/f20747c3-9565-45d4-b9b5-4a6d13538fde/problem-overlapping-users-sessions?forum=iissecurity

Sometimes session variables are overlapping. The answer proposed in the previous link looks good, but I would like to be clear that the solution will not affect my session variables. I mean, when I select expire web content = immediately, it does not erase the session variables, right?

ASP.NET

Accepted answer
  1. Albert Kallal 5,231 Reputation points
    2022-06-23T00:59:55.387+00:00

    That means to blow out and destroy the session variables - yes, that looks to be a reset of session.

    It might fix the overlapping issue, but doing that will erase all sessions that currently exist for all users.

    In other words, it might fix the overlapping problem, but it is also going to reset any user on the web site. I think a better solution would be to re-start the web server.

    Keep in mind that if your hosting has switched to some type of cloud-based "server farm", then in-memory session can't really be used anymore, since when one page is requested, it could be dished out by any of 20 existing web servers, and those 20 existing web servers don't share memory, and hence don't share session. Of course, with SQL Server based session management, they all hit and use the SQL Server database for session, so it will work just fine.

    I have always found that when nasty session issues crop up, I just dump memory-based session(), and simply turn on and add SQL Server based session management. Once I have done this, session() becomes rock solid, never fails, and can even survive an app-pool re-start (which can OFTEN occur if some code on the web site errors out, and will cause an app-pool re-start). Have not tested, but even a web site re-start will still return existing session.

    In addition to the above, if you are using a server farm, or load balancing between several servers, then you HAVE to adopt SQL Server based session management anyway (memory between the servers can't be and is not shared anyway).

    So, while memory-based session can and does work quite well, I simply gave up on that choice. Turn on and adopt SQL Server based session management, and session will become rock solid.

    Of course the only real big downside?
    The whole system can and will take a performance hit - maybe 10%. So, it really depends on how high of a user load your web server system has now. In the vast majority of cases, I never noticed much difference.

    Do note that some testing should be done, since with SQL Server based session management, objects are serialized before saving into SQL Server (this is all automatic - no code changes required).

    However, in some cases, I have found some objects would all of a sudden not work. A good example I recall was placing a data row into session. Data rows can't be serialized (why, I have no idea!!!). So, some code can be affected by this choice, but it is rather rare in my experience. (In that one lone case, I just changed to using a datatable with one row as opposed to using session() and shoving in a data row object.)

    Regards,
    Albert D. Kallal (Access MVP 2003-2017)
    Edmonton, Alberta Canada


1 additional answer

  1. Bruce (SqlWork.com) 61,731 Reputation points
    2022-06-23T02:40:20.713+00:00

    If session variables are shared between users, this is typically caused by the coding error of storing the values in static (Shared in VB) variables.

    If session is lost between requests on a web farm, this typically means a shared encryption key is used on the farm.

    If you combine the two, you will get really odd results.

    1 person found this answer helpful.
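
The static-variable error named in the answer above, next to the per-session form, as an added example that is not part of the original thread. `FakeSessionState`, `BuggyPage`, `FixedPage` and the session IDs are hypothetical names constructed here so the program runs as a plain console app; in a real page the dictionary lookup is the `Session` property. With the static field, the first user's request reads whatever the most recent login wrote; with per-session storage it reads only that user's own value.

```csharp
using System;
using System.Collections.Generic;

// Stand-in for ASP.NET session state: one dictionary per session ID.
// (Constructed for this example; a real page would use the Session property.)
static class FakeSessionState
{
    static readonly Dictionary<string, Dictionary<string, object>> Store =
        new Dictionary<string, Dictionary<string, object>>();

    public static Dictionary<string, object> For(string sessionId)
    {
        Dictionary<string, object> s;
        if (!Store.TryGetValue(sessionId, out s))
            Store[sessionId] = s = new Dictionary<string, object>();
        return s;
    }
}

static class BuggyPage
{
    // BUG: a static field exists once per application, not once per user,
    // so every request from every user reads and writes the same slot.
    static string currentUser;
    public static void Login(string sessionId, string user) => currentUser = user;
    public static string Greet(string sessionId) => "Hello " + currentUser;
}

static class FixedPage
{
    // FIX: per-user values are keyed by the caller's session ID.
    public static void Login(string sessionId, string user) =>
        FakeSessionState.For(sessionId)["User"] = user;
    public static string Greet(string sessionId) =>
        "Hello " + (string)FakeSessionState.For(sessionId)["User"];
}

static class Program
{
    static void Main()
    {
        // Two users with two constructed session IDs; the second logs in
        // before the first user's next request arrives.
        BuggyPage.Login("sid-A", "alice");
        BuggyPage.Login("sid-B", "bob");
        Console.WriteLine("static field,  request from sid-A: " + BuggyPage.Greet("sid-A"));

        FixedPage.Login("sid-A", "alice");
        FixedPage.Login("sid-B", "bob");
        Console.WriteLine("session store, request from sid-A: " + FixedPage.Greet("sid-A"));
    }
}
```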