FOLLOW UP : Forms Authentication Randomly Times Out (Windows 2003)

[Pete]

Hi,
I didn't get any responses from the first post I made about this so I've
done a bit more investigation but I'm still having problems (but only in
Production (Win 2003) not development (XP Pro)). This leads me to think it's
a server config issue rather than code problem. Anyway here's the
problem....hope you can help.

My logged on users are randomly kicked out of my secure pages well before
the auth cookie expires. The persist cookie is working as I can see it
stored in the browser cache. Apparently their Forms Authenicated session has
expired however & there seems to be no pattern as to when it expires.

The standard user "Session" appears to be fine and lasts for the configured
length in Web.Config.

Here's what I've tried....

Changing the Forms Cookie name & Timeout.
Checking all code (it works exactly as expected on my XP Pro box)
Asked hosting provider if they broke it (said they didn't)

Is it possible that a setting in Machine.Config could be causing me these
issues? If so what section would it be?

Any ideas at all would be appreciated as I'm really stuck with this and my
users are not so happy.


thanks for looking

Pete

[Joe Audette]

I'm also seeing some evidence that when this occurs, that
Context.User is not an object, the problem seems to be
random and momentary, that is a few seconds later
Context.User is resolved as an object if the user tries
the page again.


To clarify, we are also using forms authentication.

>-----Original Message-----
>Hi,
>I didn't get any responses from the first post I made

about this so I've

>done a bit more investigation but I'm still having

problems (but only in

>Production (Win 2003) not development (XP Pro)). This

leads me to think it's

>a server config issue rather than code problem. Anyway

here's the

>problem....hope you can help.
>
>My logged on users are randomly kicked out of my secure

pages well before

>the auth cookie expires. The persist cookie is working

as I can see it

>stored in the browser cache. Apparently their Forms

Authenicated session has

>expired however & there seems to be no pattern as to

when it expires.

>
>The standard user "Session" appears to be fine and lasts

for the configured

>length in Web.Config.
>
>Here's what I've tried....
>
>Changing the Forms Cookie name & Timeout.
>Checking all code (it works exactly as expected on my XP

Pro box)

>Asked hosting provider if they broke it (said they

didn't)

>
>Is it possible that a setting in Machine.Config could be

causing me these

>issues? If so what section would it be?
>
>Any ideas at all would be appreciated as I'm really

stuck with this and my

>users are not so happy.
>
>
>thanks for looking
>
>Pete
>
>
>
>
>
>.
>

[Pete]

Hi Joe,

Thanks for the reply. I've tested and I don't seem to be able to resume a
session again after being redirected back to the logon page.

I've tried pretty much everything, the only thing could be........has your
server got the Microsoft Security patch " Q813380"
[url]http://support.microsoft.com/?kbid=813380[/url] installed? I seemed to have these
problems after this patch was applied (can't be 100% sure though). Although
it doesn't sound like it should affect anything I guess anything is
possible. If you do have this patch could you let me know and I'll then try
applying to my XP dev box here to see if the issue can be replicated.

thanks

Pete



"Joe Audette" <respondtojoe_audette@yahoo.com> wrote in message
news:0fee01c3be76$a9841590$a501280a@phx.gbl...

> I am having the same apparent problem using framework 1.1
> on win2k server. User's randomly get sent to the login
> page when they are not logged out. Although they get sent
> to the login page they are not really logged out, if they
> click a link to the page they were on they get right back
> in without logging in again. You might check and see if
> your situation is the same, that is are they truly logged
> out or just directed to the login page.
>
> Best Regards,
>
> Joe Audette

> >-----Original Message-----
> >Hi,
> >I didn't get any responses from the first post I made

> about this so I've

> >done a bit more investigation but I'm still having

> problems (but only in

> >Production (Win 2003) not development (XP Pro)). This

> leads me to think it's

> >a server config issue rather than code problem. Anyway

> here's the

> >problem....hope you can help.
> >
> >My logged on users are randomly kicked out of my secure

> pages well before

> >the auth cookie expires. The persist cookie is working

> as I can see it

> >stored in the browser cache. Apparently their Forms

> Authenicated session has

> >expired however & there seems to be no pattern as to

> when it expires.

> >
> >The standard user "Session" appears to be fine and lasts

> for the configured

> >length in Web.Config.
> >
> >Here's what I've tried....
> >
> >Changing the Forms Cookie name & Timeout.
> >Checking all code (it works exactly as expected on my XP

> Pro box)

> >Asked hosting provider if they broke it (said they

> didn't)

> >
> >Is it possible that a setting in Machine.Config could be

> causing me these

> >issues? If so what section would it be?
> >
> >Any ideas at all would be appreciated as I'm really

> stuck with this and my

> >users are not so happy.
> >
> >
> >thanks for looking
> >
> >Pete
> >
> >
> >
> >
> >
> >.
> >

[Joe Audette]

It doesn't look like we have that patch on our server.
We're not using FrontPage extensions. I'll be interested
to hear if you ever find a fix. I was not able to so I
had to scrap the automatic re-direction to login from the
web.config files and code my own checks and re-direction.
The difference with the login may be because we are using
win2k server, but the problem started suddenly after
running a long time with no problems. Its like the server
loses the session state context intermittently.
I've been trapping errors where references to
Context.User results in a not an instance of an object
error, but then just a fraction of a second later in my
exception handler I'm able to determine who the user is
by Context.User
Weird!!! I wish the Microsoft guys would respond to this
but I guess they won't until it affects more users.

Best Regards,

Joe

>-----Original Message-----
>Hi Joe,
>
>Thanks for the reply. I've tested and I don't seem to be

able to resume a

>session again after being redirected back to the logon

page.

>
>I've tried pretty much everything, the only thing could

be........has your

>server got the Microsoft Security patch " Q813380"
>[url]http://support.microsoft.com/?kbid=813380[/url] installed? I

seemed to have these

>problems after this patch was applied (can't be 100%

sure though). Although

>it doesn't sound like it should affect anything I guess

anything is

>possible. If you do have this patch could you let me

know and I'll then try

>applying to my XP dev box here to see if the issue can

be replicated.

>
>thanks
>
>Pete
>
>
>
>"Joe Audette" <respondtojoe_audette@yahoo.com> wrote in

message

>news:0fee01c3be76$a9841590$a501280a@phx.gbl...

>> I am having the same apparent problem using framework

1.1

>> on win2k server. User's randomly get sent to the login
>> page when they are not logged out. Although they get

sent

>> to the login page they are not really logged out, if

they

>> click a link to the page they were on they get right

back

>> in without logging in again. You might check and see if
>> your situation is the same, that is are they truly

logged

>> out or just directed to the login page.
>>
>> Best Regards,
>>
>> Joe Audette

>> >-----Original Message-----
>> >Hi,
>> >I didn't get any responses from the first post I made

>> about this so I've

>> >done a bit more investigation but I'm still having

>> problems (but only in

>> >Production (Win 2003) not development (XP Pro)). This

>> leads me to think it's

>> >a server config issue rather than code problem. Anyway

>> here's the

>> >problem....hope you can help.
>> >
>> >My logged on users are randomly kicked out of my

secure

>> pages well before

>> >the auth cookie expires. The persist cookie is working

>> as I can see it

>> >stored in the browser cache. Apparently their Forms

>> Authenicated session has

>> >expired however & there seems to be no pattern as to

>> when it expires.

>> >
>> >The standard user "Session" appears to be fine and

lasts

>> for the configured

>> >length in Web.Config.
>> >
>> >Here's what I've tried....
>> >
>> >Changing the Forms Cookie name & Timeout.
>> >Checking all code (it works exactly as expected on my

XP

>> Pro box)

>> >Asked hosting provider if they broke it (said they

>> didn't)

>> >
>> >Is it possible that a setting in Machine.Config could

be

>> causing me these

>> >issues? If so what section would it be?
>> >
>> >Any ideas at all would be appreciated as I'm really

>> stuck with this and my

>> >users are not so happy.
>> >
>> >
>> >thanks for looking
>> >
>> >Pete
>> >
>> >
>> >
>> >
>> >
>> >.
>> >

>
>
>.
>

[Pete]

Well there goes my theory on the patch.

My site was same, worked flawlessly for months then all of a sudden I get
this issue.
Strangly it is still ok on my XP box so I know it's not code. I still want
ot use the built
in Forms authentication rather than code my own but if Microsoft can't help
out (hint hint)
then I might have to rewite it all.

One other thing I did notice last night was that I could re-establish a
session after closing the browser and re-opening again. I guess this just
shows that the cookie has been persisted correctly and can still
authenticate the user. Unfortunatley I still got a random timeout a few
minutes later......

Another option I was thinking of was moving hosting provider, could be just
a way my host has configured something, but I'm not 100% sure.

I'll let you know if this ever gets sorted, but I'm not holding my breath as
it's been the best part of a month now.

Microsoft please help us........

regards

Pete

--
Cheers

Pete

XBOX Live Leagues & Tournaments
[url]http://www.xboxracing.net/[/url]
"Joe Audette" <respondtojoe_audette@yahoo.com> wrote in message
news:1153501c3bf69$73e059a0$a601280a@phx.gbl...

> It doesn't look like we have that patch on our server.
> We're not using FrontPage extensions. I'll be interested
> to hear if you ever find a fix. I was not able to so I
> had to scrap the automatic re-direction to login from the
> web.config files and code my own checks and re-direction.
> The difference with the login may be because we are using
> win2k server, but the problem started suddenly after
> running a long time with no problems. Its like the server
> loses the session state context intermittently.
> I've been trapping errors where references to
> Context.User results in a not an instance of an object
> error, but then just a fraction of a second later in my
> exception handler I'm able to determine who the user is
> by Context.User
> Weird!!! I wish the Microsoft guys would respond to this
> but I guess they won't until it affects more users.
>
> Best Regards,
>
> Joe

> >-----Original Message-----
> >Hi Joe,
> >
> >Thanks for the reply. I've tested and I don't seem to be

> able to resume a

> >session again after being redirected back to the logon

> page.

> >
> >I've tried pretty much everything, the only thing could

> be........has your

> >server got the Microsoft Security patch " Q813380"
> >[url]http://support.microsoft.com/?kbid=813380[/url] installed? I

> seemed to have these

> >problems after this patch was applied (can't be 100%

> sure though). Although

> >it doesn't sound like it should affect anything I guess

> anything is

> >possible. If you do have this patch could you let me

> know and I'll then try

> >applying to my XP dev box here to see if the issue can

> be replicated.

> >
> >thanks
> >
> >Pete
> >
> >
> >
> >"Joe Audette" <respondtojoe_audette@yahoo.com> wrote in

> message

> >news:0fee01c3be76$a9841590$a501280a@phx.gbl...

> >> I am having the same apparent problem using framework

> 1.1

> >> on win2k server. User's randomly get sent to the login
> >> page when they are not logged out. Although they get

> sent

> >> to the login page they are not really logged out, if

> they

> >> click a link to the page they were on they get right

> back

> >> in without logging in again. You might check and see if
> >> your situation is the same, that is are they truly

> logged

> >> out or just directed to the login page.
> >>
> >> Best Regards,
> >>
> >> Joe Audette
> >> >-----Original Message-----
> >> >Hi,
> >> >I didn't get any responses from the first post I made
> >> about this so I've
> >> >done a bit more investigation but I'm still having
> >> problems (but only in
> >> >Production (Win 2003) not development (XP Pro)). This
> >> leads me to think it's
> >> >a server config issue rather than code problem. Anyway
> >> here's the
> >> >problem....hope you can help.
> >> >
> >> >My logged on users are randomly kicked out of my

> secure

> >> pages well before
> >> >the auth cookie expires. The persist cookie is working
> >> as I can see it
> >> >stored in the browser cache. Apparently their Forms
> >> Authenicated session has
> >> >expired however & there seems to be no pattern as to
> >> when it expires.
> >> >
> >> >The standard user "Session" appears to be fine and

> lasts

> >> for the configured
> >> >length in Web.Config.
> >> >
> >> >Here's what I've tried....
> >> >
> >> >Changing the Forms Cookie name & Timeout.
> >> >Checking all code (it works exactly as expected on my

> XP

> >> Pro box)
> >> >Asked hosting provider if they broke it (said they
> >> didn't)
> >> >
> >> >Is it possible that a setting in Machine.Config could

> be

> >> causing me these
> >> >issues? If so what section would it be?
> >> >
> >> >Any ideas at all would be appreciated as I'm really
> >> stuck with this and my
> >> >users are not so happy.
> >> >
> >> >
> >> >thanks for looking
> >> >
> >> >Pete
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >.
> >> >

> >
> >
> >.
> >

[Brian Scott]

Not much to add beyond what has been said, just want to add my comapny
as one affected by this. We are seeing the same problem recently
after the application ran fine for a number of months. The server is
Win2k and we are using Forms Authentication. There sems to be no
pattern to the users being redirected to the login page. I'll have
them test the next time if they are indeed logged out or just
redirected.



"Joe Audette" <respondtojoe_audette@yahoo.com> wrote in message news:<027f01c3be79$52504b60$a101280a@phx.gbl>...

> I'm also seeing some evidence that when this occurs, that
> Context.User is not an object, the problem seems to be
> random and momentary, that is a few seconds later
> Context.User is resolved as an object if the user tries
> the page again.
>
>
> To clarify, we are also using forms authentication.
>