Home/ Questions/Q 9167501
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T15:24:22+00:00

I have a Asp.Net web application running on Windows 2008 R2 (IIS 7.5). I

  • 0

I have a Asp.Net web application running on Windows 2008 R2 (IIS 7.5). I have two servers WWW1 and WWW2 and the DNS records are set up for round robin DNS for “www”. I increased the AppPool timeout and the Session State timeout settings so users don’t get logged out after 20 minutes. However I’ve noticed users are getting logged out randomly. I think what is happening is the user goes to http://www.foo.com and logs in and then afterward some time the round robin navigates them to the opposite server in the cluster (WWW1 or WWW2) where the cookie was not created and therefore prompts them for a login.

How can I get this to work and still keep my high availability solution using round robin DNS?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The issue here is each server maintains its own session state in memory and doesn’t know about sesssions created on the other server.

    To get around this, instead of using the default InProc session state provider you’ll need to use the StateServer or SQLServer session state providers.

    To do this you’ll need to make sure the ASP.NET state service is running on one of your servers and then you’ll need to add the following configuration item to the system.web section of your application’s web.config file, replacing ‘SampleStateServer’ with the name of the server you are running the ASP.NET state service on:

        <sessionState mode="StateServer"
      stateConnectionString="tcpip=SampleStateServer:42424"
      cookieless="false"
      timeout="20"/>

    Microsoft’s documentation on this is available at http://msdn.microsoft.com/en-us/library/ms178586.aspx

    Because you are running this in a web farm you’ll also need to make sure the web applications on both servers are using the same encryption keys.

    For this you’ll need to set a machineKey entry in the web.config whic involves adding an entry like the following to the system.web section of the web.config:

    <machineKey validationKey="4D0590A0E4DE163BAD0EEEB6747467D770CD5FB2EA95BF02B27787A45CA579DECB01E2A1F16563DBAB44C1C0E54C7E53D65F2A7D0FDF378F4D3702B3F2C8B165" decryptionKey="928771D7B1B8C32608F56AC428EC5902985F6FB2E6E9A78733B6EAA493FA13F5" validation="SHA1" decryption="AES" />

    There are several websites which will generate keys for you. I typically use http://aspnetresources.com/tools/machineKey

    If you want to use the SQLState provider instead, http://msdn.microsoft.com/en-us/library/ms178586.aspx has all the configuration information under the ‘Sql Server Mode’ section of the page. The setup for that is slightly more involved as you have to configure a database in which you will store the state.

    • 0