1

I have an old web application which formerly ran on a windows 2003 server. When I moved it to a new Windows 2008 server, I started receiving an error that I never had before. The app uses a windows login. Upon accessing the app, the user is asked for their login. After that, they are free to use to application. However, the issue is that after using it for some time, the user will be booted out and asked to login again. The system is also much slower than it was previously. It is operating on IIS7. It seems to me that there is a loss of session variables occurring, but I am unsure about why that would be the case.

Interestingly, when the user logs in again, they can generally use the application for a longer period of time before being booted out and asked to log in again. It is also worth mentioning that it seems like the more users there are on the server, the less prominent the issue is.

It is also worth mentioning that I tried moving the application to another 2008 server, and it worked perfectly fine on that one. This leads me to believe that the issue lies somewhere in the settings on the server. I looked at the settings of the two 2008 servers side-by-side and noted the differences, but was incapable of finding a difference that would cause this sort of error. One difference that might be worth noting is that the server which does not work properly is 32 bit, whereas the server which does works is 64 bit. Although, I don't see how that difference could lead to the application having a loss of session variables, but still working otherwise.

Additional information:

  • The code in the application on each server is identical, so that leads me to believe that the error is on the server level and not within the application itself.
  • Given that the code is identical, I do not believe this to be a result of Session.Abandon() being called from anywhere.
  • I do not believe this is due to a session timeout.
  • I have read that other people experience a loss of session variables due to app pool recycling, and that often the app pool recycling is from the config files being accessed (whether it be from a user or from something like an anti-virus software). I have no reason to believe that this is the case here, because all servers are under the same anti-virus and the application works fine on them.
  • On the server which works, the IIS authentication setting are set such that windows authentication is disabled and that anonymous authentication is enabled. Whereas, on the other server, the opposite is true.

Any help with this issue would be appreciated.

Thank you.

Gabe Steffe
  • 157
  • 14
  • It could still potentially be application pool recycling even if it's not being triggered by anti-virus. I believe app pool recycle events show up somewhere in the Windows Event log so it's worth checking. http://stackoverflow.com/questions/9984604/how-to-find-app-pool-recycles-in-event-log – Nanhydrin Jan 08 '16 at 16:29

1 Answers1

1

Make sure your app pool is running under 4.0 .Net Framework and also check your application pool identity. When your using 7.0 iis, make sure you use integrated mode.

T.Kwak
  • 28
  • 11