Managing Sessions in a Classic ASP/Windows 2008 R2 Server environment
Hi All
I'm using a dedicated server for my classic asp site and the IIS part is all new to me!
I use sessions to moderate the security of the site, but because this site uses a lot of ajax stuff on pages and/or the users leave the site for quite a while, I'm having quite of a few timeout issues that the user is none the wiser on until they physically click to go to another page in the site. FYR, when they do a new page and the session is gone I bounce them back to the login page.
I was toying with an alternative method to using sessions (no idea what), but I really like the simplicity of it and don't want to change.
My problem is I don't know if I should increase the session timeout from the default (20 mins) to something higher (is this a bad thing?? if so, why?) and also I don't know if this new thing I've read about, ie application pool idle timeout, is actually overriding what I put in the session timeout anyway!!
Currently the app pool idle time is set to 5 mins - is this a good thing?
Apols for being a newbie, but I **think** if I can sort out these two values I'm sorted.
session variables are good if you are using them for a small site, as the sessions are stored in the computer's memory.
However when your site is heavily hit, the session memory quickly fills up, thereby getting time out as described above.
Its best to use cookies to track user login and if you have an ssl cert, you can use secure cookies. I advise you revamp your site and adapt them to cookies
The reason your sessions are getting reset is because your app pool idle time I think. when app pools are reset in iis (recycled) all the sessions are also lost
Reply With Quote
Bookmarks