Forums (Obsolete)

Kentico Legend

Brenden Kehren - 7/8/2013 10:06:21 AM

SQL Server Session State

I've got a Kentico v7.0.40 website running on Windows Server 2008 R2 with a SQL 200 ASPSession database to store my session state in. The problem I'm having is the website is creating new sessions on the average of one per second. This is causing problems with the size of the session database.

This was working great from when I implemented it back in September 2012 until I updated from v7.0.28 to hotfix 40 on June 19. After June 19, looking at the page analytics and CMSSiteManager dashboard the statistics are weird and show very high numbers even though we are still in development and I know there are only 10-20 people hitting the site on a very infrequent basis.

My page view statistics on my test site (which only 3 people have access to) are:
Views of content pages: 1082
File downloads and views: 59
Vies of system pages: 62
Non-page requests: 450
Number of pages not found: 1
Pending requests: 1

And this is only after the application has been up for 23 minutes with 1 person accessing it. Is there a possibility of some web.config setting or scheduled task?

Does anyone else have a web farm setup with SQL Server session management setup having the same issues?


Kentico Support	kentico_jurajo - 7/9/2013 2:38:00 AM RE:SQL Server Session State Hi, This sounds really strange. This indicates that there is something wrong with cookies. How many people are accessing (just to be sure - only 3?) the system and from what browsers? Are the cookies enabled in those browsers? Best regards, Juraj Ondrus

Kentico Legend

Brenden Kehren - 7/9/2013 8:19:58 AM

RE:SQL Server Session State

My web.config looks like so:

<add name="SessionState" connectionString="Data Source=server;User Id=aspstatesa;Password=1234;"/>
<sessionState cookieless="UseCookies" mode="SQLServer" sqlConnectionString="SessionState" timeout="60" />

I'm forcing the app to use cookies regardless. I did find there was a SQL Agent job that wasn't running which clears up the expired session values which helps but why do I still have so many sessions being created when there is only 3 users (yes only 3 plus any sessions Kentico needs or creates for scheduled tasks or other system maint) on the system at any given time?


Kentico Support	kentico_jurajo - 7/10/2013 2:41:35 AM RE:SQL Server Session State Hi, What is your cookie level set (cookies)? When you check the session cookie and its ID - is it still the same? Are the requests made with the same ID or new ID? Could you please check it e.g. using FireBug? Also, could you please try using the key described in session management? Best regards, Juraj Ondrus

Kentico Legend

Brenden Kehren - 7/10/2013 7:52:58 AM

RE:SQL Server Session State

We don't have the cookie law web part on our site or enforced. Is there a way to set this outside of the web part? I didn't see anything in the documentation. What I did was added the cookie law consent web part to my master page and set to accept all cookies for all 3 areas. I also set it so the messages are not displayed. I reset the application, truncated the session state database table and in less than 5 minutes I have 442 rows and growing by the second. When I shut the website down in IIS, the records stop being created in the session database table. When I access another website I have using the same session database, it creates 1 record per person logging in.

As far as the key you mentioned for session management, that appears to be a security feature and by default wouldn't create another session record because it's using the same session from public user to after a user logs in.

In regards to checking the session ID, it is the same from the time I access the page, to after logging in, and logging out. It seems that there is something running in the background creating these sessions. Because from roughly 5-10 seconds after I restart the application records start pouring into the session database table.

Kentico Support

kentico_jurajo - 7/11/2013 7:28:51 AM

RE:SQL Server Session State

Hi,

This is really strange. Have you tried using e.g. Fiddler to see what requests are being made and what is being sent to the SQL server?

Does this happen for every browser you use (just a theory - if there is some plugin in the browser that may interact somehow with the page and send requests...)? The other site - you mean different Kentico CMS instance and web site?

Best regards,
Juraj Ondrus

Kentico Legend

Brenden Kehren - 7/11/2013 8:07:55 AM

RE:SQL Server Session State

Thats the weird thing is I don't even have to open a browser and navigate to the site. I simply restart IIS and have ensured the other 2-3 people have not navigated to the site and can see session records being created at the rate of 1-5 per second. So although I'd like to think it was a browser issue (plugin or otherwise) I've already ruled that out. If there is monitoring like PRTG or Wireshark on a server/site could this cause this? I know those two tools are used but don't believe they are enabled for this particular site.


Kentico Support	kentico_jurajo - 7/11/2013 8:13:37 AM RE:SQL Server Session State So, you do not even start the CMS application? I would use e.g. Fiddler or other network monitoring tools to see what is going on there and what requests are being made and from where. Best regards, Juraj Ondrus


Kentico Legend	Brenden Kehren - 7/11/2013 9:44:34 AM RE:SQL Server Session State I stop IIS and restart it and the records start flowing without even accessing the site.


Kentico Support	kentico_jurajo - 7/11/2013 10:16:55 PM RE:SQL Server Session State Hi, In this case, we need to see some logs from some network monitoring tool - what requests are being made and from where. I think Fiddler should be able to handle this too. Best regards, Juraj Ondrus


Kentico Legend	Brenden Kehren - 7/11/2013 10:19:26 PM RE:SQL Server Session State I'll work on that. I had fiddler running on my local machine and didn't see anything unusual. I'm not able to install it on the server.