session-state

I am investigating a problem with our website that uses SQL server to manage sessions. The website is asp.net webforms based around the sitecore CMS. We have the same code in various environments e.g. QA, staging, and production. In production, what we are seeing is, periodically, we get a rapidly rising CPU usage that does not correlate in any way to traffic to the server. Along with this cpu spike, we are seeing a corresponding spike in network I/O. Our monitoring software does not differentiate between traffic out to the internet and traffic to the DB server; however, what we are seeing on

Assuming I'm rolling my own session code, what's the right way to generate a unique and secure session id cookie in java. Should I not be rolling my own but using something that's already been standardized? I'm using gwt and the google app-engine platform. How do I make sessions persist across browser/server restarts? Using Servlet Sessions in GWT In the remote service implementation class: String jSessionId=this.getThreadLocalRequest().getSession().getId(); In the client code: String jSessionId=Cookies.getCookie("JSESSIONID"); Enabling_Sessions appengine-web.xml <sessions-enabled>true<

I have an application that was written in vanilla ASP.NET that I would like to port over to ASP.NET MVC. I, however, am confused about the right place to persist objects. I need to persist for a couple reasons: I would like all to have a single database connection, wrapped in a "repository" or "manager" style object. Each user has a user object that needs to be saved on a per-session basis. Normally, I would say that #1 would be saved as a static item in the Globals.asax that can be hit using Global.Repository or similar. And I would normally say that #2 should be a property with a session

It seems some web architects aim to have a stateless web application. Does that mean basically not storing user sessions? Or is there more to it? If it is just the user session storing, what is the benefit of not doing that? tster Reduces memory usage . Imagine if google stored session information about every one of their users Easier to support server farms . If you need session data and you have more than 1 server, you need a way to sync that session data across servers. Normally this is done using a database. Reduce session expiration problems . Sometimes expiring sessions cause issues that

I have a handler, like this, using IRequiresSessionState: public class MyHandler : IHttpHandler, IRequiresSessionState { // code } In the code, I am able to read and set Session values. I also check ensure that the caller is logged in. That all works fine. The web site uses forms authentication, so in the web.config, I have this: <authentication mode="Forms"> <forms loginUrl="Login.aspx" timeout="10" slidingExpiration="true"></forms> </authentication> The problem is that AJAX calls from the client to the server code MyHandler do not extend the life of the session! So even if the user is busy

Is there any good reason why ASP.NET's session state cookie and the Forms Authentication cookie are two separate cookies? What if I want to "tie" them to each other? Is it possible in an elegant way? Right now, I am stuck with the following solution, which works, but is still ugly: [Authorize] public ActionResult SomeAction(SomeModel model) { // The following four lines must be included in *every* controller action // that requires the user to be authenticated, defeating the purpose of // having the Authorize attribute. if (SomeStaticClass.WasSessionStateLost/*?*/) { FormsAuthentication

I store session parameters in a Struts2 session map that I get in my actions using the SessionAware interface. My Application is in the /MyApp path. After setting up the struts2 application on an Apache server with an inverse proxy redirect that makes the URL http://www.appdomain.com/ point to my local tomcat on localhost:8080/MyApp , Struts2 session handling doesn't work anymore. I expect that the session cookies are stored for the Struts2 context of http://localhost:8080/MyApp instead of http://www.appdomain.com/ ... Is there a solution in Struts2 configuration? Or in programmatically

i just want to redirect user to Home Page(Default.aspx) when session has been expired in asp.net 3.5. i just do it with web user control but steel it's not work perfectly. so i just want to do it with web.config. <authentication mode="Forms"> <forms loginUrl="~/SignIn.aspx" protection="All" timeout="2880" path="/" /> </authentication> Is this technique works in .net 3.5 framework application. If you are using form authentication then you don't have to write any custom code. For session timeout settings are provided by Framework itself. Just change the configuration file as mentioned below :