I started with the default ASP.net MVC 3 application and I got the following

Question

0

Asked: June 10, 20262026-06-10T13:50:16+00:00 2026-06-10T13:50:16+00:00

I started with the default ASP.net MVC 3 application and I got the following

0

I started with the default ASP.net MVC 3 application and I got the following in the web.config file:

   <authentication mode="Forms">
     <forms loginUrl="~/Account/LogOn" timeout="2880" />
  </authentication>
    <machineKey/>
  <profile defaultProvider="DefaultProfileProvider">
     <providers>
        <add name="DefaultProfileProvider"
             type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
             connectionStringName="DefaultConnection"
             applicationName="/"/>
     </providers>
  </profile>
  <membership defaultProvider="DefaultMembershipProvider">
     <providers>
        <add name="DefaultMembershipProvider"
             type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" 
             connectionStringName="DefaultConnection" 
             enablePasswordRetrieval="false" 
             enablePasswordReset="true" 
             requiresQuestionAndAnswer="false" 
             requiresUniqueEmail="false" 
             maxInvalidPasswordAttempts="5"
             minRequiredPasswordLength="6" 
             minRequiredNonalphanumericCharacters="0"
             passwordAttemptWindow="10" 
             applicationName="/"                 
            />
     </providers>
  </membership>
  <roleManager enabled="true" defaultProvider="DefaultRoleProvider">
     <providers>
        <add connectionStringName="DefaultConnection"
             applicationName="/"
             name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
     </providers>
  </roleManager>
  <sessionState mode="InProc" customProvider="DefaultSessionProvider">
     <providers>
        <add name="DefaultSessionProvider"
             type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
             connectionStringName="DefaultConnection"
             applicationName="/"/>
     </providers>
  </sessionState>

Testing locally – everything works fine – I go to lunch, come back, make an ajax call to one of my controllers (where authentication is required) and it works.

I deploy on the hosting web server – I go to lunch, come back, make an ajax call to a controller -> it turns out I am no longer logged in – :(.

Hmm…
Now from what I can figure out the server’s app pool recycled so my session data got deleted.

I’ve been trying to figure out what are the changes that I have to make, configuration & code wise, to avoid this kind of scenario but I can’t find this info anywhere, or maybe I’m not asking the right question.

How can I ensure that the user’s session is maintained (he remains logged in) when the app pool recycles?