Session Timeouts Causes and Remedies

I have been exploring Session Timeouts in ASP.Net for some time now. Those of you working on Web Applications would have surely experienced unexpected timeouts resulting in abrupt restart of the application, many a times these timeouts apparently occur for no specific reason.

Here, I present a brief checklist that may come in handy while dealing with such issues

Causes for Session Timeout could vary from-

  1. Modification in Machine.Config, Web.Config or Global.asax files
  2. Application's bin directory or its contents modified 
  3. Antivirus is running on the  .config /.aspx files
  4. The number of re-compilations (aspx, ascx or asax) exceeds the limit specified by the <compilation numRecompilesBeforeAppRestart=/> setting in machine.config or web.config  (by default this is set to 15) 
  5. The physical path of the virtual directory is modified 
  6. The CAS policy is modified
  7. Sub-Directories of Application are deleted or renamed

New to ASP.Net 2.0  -The 7th point of Sub directories.  i.e. Whenever you delete or rename a sub-directory of your application, the application domain is recycled, terminating all users' sessions (and the cache, etc). This is a big performance hit. This behavior affects dramatically sites that allow document publishing, to the point where they stop functioning. Imagine a situation where a request creates a thread that goes through sub-directories of the application and deletes / renames them - without knowing about this 2.0 application domain recycling policy, chances are that the worker thread in question will not complete because the domain is recycled and the thread aborted. 

Huge Performance Hit

Above results in recycling of Application Domain. At the next request all assemblies need to be reloaded, the cache including any in-proc session variables etc. are empty causing a big performance hit for the application.
Remedies/ solutions

  1. App domain restarts

    If you suspect app domain restarts (i.e. your sessions seem to expire without obvious reasons), you will be interested to know when the restarts happen and what's causing them.

    In ASP.Net 2.0 add the following element in global web.config file (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG) as a child of the <healthMonitoring><rules> elements:



    <add name="Application Lifetime Events Default"  eventName="Application Lifetime Events"

    provider="EventLogProvider"  profile="Default"  minInstances="1" maxLimit="Infinite"

                      minInterval="00:01:00"  custom="" />



    This will log system events that provide the time and the reason of the restart (such as: Application is shutting down. Reason: Configuration changed.)
    In ASP.Net 1.1, see-

    Logging ASP.NET Application Shutdown Events in ASP.Net 1.1  
  2. If the timeout error message reads as follows:

    "System.Web.HttpException: Request timed out."

    Check for  <httpRuntime executionTimeout/> in appication's Web.config file
    executionTimeout - Specifies the maximum number of seconds that a request is allowed to execute before being automatically shut down by ASP.NET.

    You can change this setting in machine.config to affect all applications on your site, or you can override the settings in your application-specific web.config as follows: 


         <httpRuntime executionTimeout="900" />


    Note: This time-out applies only if the debug attribute in the compilation element is False. If the debug attribute is True, to help avoiding application shut-down while you are debugging, do not set this time-out to a large value.

    The default values in seconds-

    In the .NET Framework 2.0 = 110.
    In the .NET Framework 1.0 and 1.1= 90.
  3. Set the Session timeout in IIS Manager in default website also.
    Go to IIS Manager, right click on the virtual directory and choose properties.
    Now go to virtual directory tab, click Configuration button.
    A dialog box will appears. Choose AppOptions tab. Set the session timeout that u need. This will solve the problem. If you are getting the same problem again then set the same thing for Default WebSite also.
  4. Remove the session timeout check in IIS, then the timeout will be read from the web.config.
  5. Add following code in the web.config of your application file under <system.web>

    <sessionState cookieless="false" timeout="330"/>
  6. For random session timeouts, timeout occurring before the value set in sessionstate and idle timeouts, check if the application pool in IIS 6.0 has any 'Memory recycling' values selected and they are set up to some low sizes both for virtual or used memoray. 

    Ex-If 200 Mb is set and the application reaches this limit in 5 minutes, the recycle happens and any sessions will be thus killed sooner than expected. See the figure below

  7. Exclude Antivirus scanning from the IIS/ASP.NET default folders and your application folders.
    • C:\WINDOWS\system32\inetsrv
    • C:\WINDOWS\assembly\GAC_32
    • C:\WINDOWS\Microsoft.NET\Framework\ (this should cover all versions of framework)
    • Any application directory containing web.config files, global.asax, .net assemblies. 

Similar Articles