I created a new MVC3 application and placed it on a WinHost base plan.
The essence of the problem is that the boundaries of the application pool memory are reached, and each InProc session is erased, that is, my users log out.
According to their documentation, I see the following:
http://support.winhost.com/KB/a626/how-to-enable-aspnet-sql-server-session-on-your-web.aspx
Here are the contents of my web.config after following the steps above:
<?xml version="1.0"?>
<configuration>
  <connectionStrings>
  </connectionStrings>
  <appSettings>
    <add key="webpages:Version" value="1.0.0.0"/>
    <add key="ClientValidationEnabled" value="true"/>
    <add key="UnobtrusiveJavaScriptEnabled" value="true"/>
  </appSettings>
  <system.web>
    <sessionState mode="SQLServer"
                  allowCustomSqlDatabase="true"
                  cookieless="false"
                  timeout="2880"
                  sqlConnectionString="data Source='tcp:s407.winhost.com';database='DB_41_xx';user id='DB_11_xx_user'; password='xx';" />
    <trust level="Full"/>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </assemblies>
    </compilation>
    <authentication mode="Forms">
      <forms loginUrl="~/" timeout="2880"/>
    </authentication>
    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5"
             minRequiredPasswordLength="6"
             minRequiredNonalphanumericCharacters="0"
             passwordAttemptWindow="10"
             applicationName="/"/>
      </providers>
    </membership>
    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider"
             type="System.Web.Profile.SqlProfileProvider"
             connectionStringName="ApplicationServices"
             applicationName="/"/>
      </providers>
    </profile>
    <roleManager enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="ApplicationServices"
             applicationName="/"/>
        <add name="AspNetWindowsTokenRoleProvider"
             type="System.Web.Security.WindowsTokenRoleProvider"
             applicationName="/"/>
      </providers>
    </roleManager>
    <pages>
      <namespaces>
        <add namespace="System.Web.Helpers"/>
        <add namespace="System.Web.Mvc"/>
        <add namespace="System.Web.Mvc.Ajax"/>
        <add namespace="System.Web.Mvc.Html"/>
        <add namespace="System.Web.Routing"/>
        <add namespace="System.Web.WebPages"/>
      </namespaces>
    </pages>
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral"/>
        <bindingRedirect oldVersion="0.0.0.0-4.0.8.0" newVersion="4.0.8.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>
Here lies the problem:
My users are still logging in after a while. I thought using SQL for the session would prevent this problem.
Here is the corresponding bit of code showing how I register my users:
[HttpPost]
public ActionResult Login(LogOnModel model)
{
    using (EfAccountRepository accountRepository = new EfAccountRepository())
    {
        if (accountRepository.ValidateCredentials(model.Email, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.Email, true);
            return RedirectToAction("Index", "Home");
        }
    }

    ModelState.AddModelError("", "Your email or password is incorrect.");
    return View(model);
}
And here is the code I use to find out if the user is logged in:
public static MvcHtmlString AdminDashboardLink()
{
    if (SecurityHelpers.UserIsPartOfCompany(HttpContext.Current))
    {
        string html = "<li><a href='/Admin'>ADMIN DASHBOARD</a></li>";
        return new MvcHtmlString(html);
    }
    else
    {
        return new MvcHtmlString("");
    }
}

public static bool UserIsPartOfCompany(HttpContext context)
{
    if (!context.Request.IsAuthenticated)
        return false;

    using (EfAccountRepository accountRepository = new EfAccountRepository())
    {
        var loggedInUser = accountRepository.FindByEmail(context.User.Identity.Name);
        string[] userRoles = accountRepository.GetRolesForUser(loggedInUser.AccountId);

        return userRoles.Contains("Editor")
            || userRoles.Contains("Finance")
            || userRoles.Contains("Administrator");
    }
}
Any suggestions? Maybe my web.config is hacked and this is causing problems. Perhaps I also needed to delete something after adding to the session information?