IIS7 and Classic ASP Sessions

4
votes

I've got an old web app written in Classic ASP which used to run on an IIS6 server no problem, then long story short, I moved it onto a Linux server running SunOne ASP which also worked fine (after a couple of minor tweaks), and now in a bid to access some 3rd party COM controls the app originally used, I've moved it back again to a Windows server, this time 2008 running IIS7.

On the whole the app works fine, but there seems to be a random problem now with the session variables getting lost. The implication of this is that the user gets automatically logged out of the system.

It's all pretty simple stuff, and just uses the a session variable to hold the logged in status (as well as a couple of other bits and pieces).

If Session("login_status") <> "loggedin" Then 
 Response.Status="302 Object moved"
 Response.Redirect "/admin/default.asp"
End If

The app is running on a shared hosting server, and what I'm worried about more than anything else is why this is happening, mostly so if I have to host any other ASP apps on the same platform I'm not going to run into similar problems.

Could this be because IIS7 is recycling the application pool and wiping out any session data in the process? And if that's the case, what could be done about it, short of course of writing my own state management/session handler routine, which is next on the cards if all else fails?

6
iis-7asp-classicsession
Is it all users that lose session all at the same time, or just an individual or two?AnthonyWJones
Unsure on that one as it's used in a distributed way, and not everyone uses it at the same time. Everyone experiences the problem though.bristle_ike

6 Answers

4
votes

thanks for your hint regarding the (IIS 7.5) 'application pool's (advanced settings) -> Idle Time-out (group: Process Model)'!

For my Classic ASP site that lost the current session all the time the individual application pool it uses for 'Idle Time-out (minutes)' had a (default?) setting of 5 minutes. I changed this to a higher value and it seems fine now. As this currently is a test system with me as the only test user causing traffic the "Idle Time-Out" seemed to apply after me doing nothing on the site for longer than 5 minutes.

regards ASDev

3
votes

You should be sure you're not running a web garden where no garden is wanted. In your App Pool settings, under Process Model, look at "Maximum Worker Processes". If the value is greater than "1", you may have the issue you describe. I know I did.

Read about Web Gardens here: http://geekswithblogs.net/vkamat/archive/2004/11/17/15145.aspx

1
votes

You should talk to your hosting company. It sounds very much like your pool is a being recycled. The host ought to keep a log of these and the reason that they were generated.

You should also ask whether you site shares a pool with other sites.

1
votes

Not sure if it's applicable in this instance, but if you're running on IIS7 and redirecting between SSL and non SSL pages there may be different sessions in classic depending on the site configuration properties. In IIS, review the "ASP" section "Session Properties" - there will be a setting for "New ID on Secure Connection" that may be the culprit.

1
votes

This happened to me! It was solved by setting the property Maximum Worker Processes to the value 1 in an application pool in IIS.

0
votes

Could be the worker process getting recycled but that should only happen intermittantly not regularly (ie every 12 hours or earlier if the server is getting hammered).

Long shot but are you using IE8 when you get the problem, we've had a similar problem with IE8 dropping cookies and for now we've been sending the "behave like ie7" header that you can send down with the request (ASP with JScript btw):

// Force IE8 to act as IE7...grumble
Response.AddHeader( "X-UA-Compatible", "IE=EmulateIE7" );

And in the head of all our page:

<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7"/>

This might be a red herring though