View Full Version : Session Ending Prematurely

07-16-2007, 02:50 PM
Can anyone tell me why my sessions are ending prematurely and not at the time that is set.

07-16-2007, 04:44 PM
Please provide some code so that we can see what the problems is...

In the meantime, check that your bowser accepts cookies...especially, from the domain your website is currently hosted on.

Note: Some anti-virus, firewalls, anti-phishing...etc applications sometimes disallow cookies from being set...even when your browser is set to accept them. Therefore, check if any of the installed applications are preventing your browser from accepting cookies. Also, I would recommend that you use more than one browser to investigate this problem further.

07-16-2007, 06:37 PM
The sessions are server side not client side. There really isn't any code to post. The only code is Session.Timeout = 60, which is in my global.asa file. I've tried using other browsers, but since this is a server side issue that really isn't an issue. I just need to know why my asp sessions are ending prematurely. What would make the session.timeout value randomly change between 20 and 60 minutes? We host our own site and I'm having this problem internally and externally. I'm also not writing cookies to the clients machine.

07-16-2007, 09:53 PM
true, cookies are client side and sessions are server side...but when a session starts...by default, a cookie will be created on the client machine which should contain a unique id of the active session.

If you are using IIS6 there is a known problem with the number of active cookies IIS6 can handle in one time. Basically, IIS6 uses connection pooling to store values associated with every web application request. If pool gets overloaded, some variables including session variables will be dropped...and sometimes a session will be restarted.

there is also another symptom to this problem if you are running more than one subdomain on the same server. Please read this thread for more information.

There is also another symptom to the problem...and it is to do with another application (i.e. Anti-virus scanning the Global.asa file, or the software you are using to create the website...among others) access the Global.asa file when IIS6 is running. Here is a more elaborate explanation to this problem and how to resolve it


Please also see this web page which discusses many issues in relation to session in asp applications

07-16-2007, 10:15 PM
By default IIS6 sets the Session timeout to 20 minutes. You can change this in IIS manager and totally ignore the Global.asa file. Just change the connection timeout property. Remember that this is set in seconds.

PS Sessions in ASP Classic are held in UnWritten Cookies. In other words the Session ID is stored in a chunk of memory on the users machine and each time the page is requested, IIS looks at that Session ID and then compares it to what is saved in memory on the server for that Session ID. If the user turns off cookies entirely they will not have any session information available to them. This is why some sites will persist the session id as part of the querystring.

07-16-2007, 10:32 PM
Now that's funny! If you compare the usernames on the webdeveloper.com thread you'll find that it's my thread. I tried there first and got a lot of feedback, but was unable to fix the problem. Anyway, I looked at the other sites you posted and I've made some changes to my server, however it will take some time to check and see if they made any difference. I'll let you know tomorrow probably. You mentioned a problem IIS6 has with handling to many cookies. How many are you talking about? I've only got about 25 to 50 people active on this server at the same time. Thanks for the help!

I've got the IIS configuration, the ASP configuration, the ASP global configuration, and the Session.Timeout property set to 60 minutes. None of those are set by seconds though, did I miss one somewhere? Can you tell me exactly where? I also create a new session id value that I carry in a Session variable and use throughout the site to track who's going where. It only disappears when the session dies. I've never lost that value prematurely. Thanks for your help!

07-16-2007, 11:17 PM
In IIS Manager you should set the timeout Property to 3600 to equal 60 minutes

60 minutes x 60 seconds = 3600

07-17-2007, 03:56 PM
Are you talking about in the Site Properties, Home Directory tab, Application Configuration, Options tab? If so my settings say to enter the Session Timeout as minutes. It does say to enter the ASP Script Timeout in seconds.