silomonline
New Member
I have an application running using asp.net authentication and SQL Server sessionState mode. For some reason, the session seems to never expire one one of our environment.This is an extract from the web.config file:\[code\]<sessionState mode="SQLServer" timeout="1" allowCustomSqlDatabase="true" partitionResolverType="Microsoft.Office.Server.Administration.SqlSessionStateResolver, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" sessionIDManagerType="Lanap.BotDetect.Persistence.CustomSessionIDManager, Lanap.BotDetect, Version=2.0.15.0, Culture=neutral, PublicKeyToken=74616036388b765f" />\[/code\]As you can see, the application is hosted in a load balanced MOSS2007 instance, so it has a custom SQL parameter for the sessionState DB.From my exploration of SO, the most common problem with this seems to be a disabled SQL Server Agent or a missing/not running SQL Server Agent job.I am positive that it is not the case here. I went to the ASPStateTempSessions table which hosts the sessions, and checked that its behaviour is coherent. When I login to my website, a line is created with a session id, and 1 to 2 minutes later it is destroyed (session expired). But if I then return to my website, and refresh it, instead of being logged out, I'm still logged in. If I then go to the ASPStateTempSessions table again, a new line is created with the same session id.As far as I can tell, session ids survive weeks... Rebooting the computer where the browser is doesn't change anything. Clearing the cookies does. Obviously the cookie in the browser is triggering the recreation of the session on the server.Also, I am positive that I am not running in cookieless mode. First I can see the cookie in my browser, and also the URL it goes to does not include a sessionId (which I was led to understand is a discriminating criteria to know if one is running a cookieless session).I have several environments. One is working (our Live server), one is not (our Demo server). When comparing both web.config files, the difference that is most likely to mean something is this:Live server:\[code\]<authentication mode="Forms"> <forms loginUrl="/_layouts/ClientPortal/login.aspx" /></authentication>\[/code\]Demo server:\[code\]<authentication mode="Forms"> <forms loginUrl="/_layouts/ClientPortal/login.aspx" name=".ASPXAUTH" domain=".shlsolutions.net" protection="All" path="/" timeout="2880" /></authentication>\[/code\]The reason for this difference is that the application needs to be able to use cross-domain authentication on the demo environment.I am quite sure something has to be changed in the web.config file, but I don't really know what. Can you help me with that?