MONO / ASP.NET Authentication Persistence

I'm deploying an ASP.NET MVC 2 application using Apache / mod_mono / MONO (2.8.1) that uses the built in ASP.NET authentication framework.

When I restart Apache, or use the mod_mono control panel to restart the mono server process, users are logged out. I don't want this occurring.

I'm using custom Profile / Membership / Role providers (that are backed by a Redis database), and these currently have a bare minimum implementation. I can not see where my problem fits in here however, but am I missing something obvious?

I notice that the .MONOAUTH cookie changes value when a user logs back in, so I guess there is some persistence that needs to happen that is not happening.

Any solutions 开发者_如何学Goor pointers to the relevant documentation would be great!

NOTE: I'm not sure if the information below differs when you're using a Membership Provider -- it may be that session state is persisted by the Membership Provider itself.

It's likely that you're using "in-process" session state storage. This means that whenever you restart the web server process, you're clearing out all the session information stored in the web server process's memory space.

To avoid wiping out session information, you can move to using an out-of-process session state server, either running as an in-memory service (see below for the Mono version) or on SQL Server. Otherwise there are also a number of unofficial custom session store providers that use alternative storage mechanisms (e.g. MongoDB etc.)

I found what you may want, which is this Mono ASP.NET Session State Server: http://manpages.ubuntu.com/manpages/gutsy/man1/asp-state2.1.html

As a first step, take a look in your web.config at the system.web -> sessionState property. If it's set to mode="InProc" then there's your problem. It should look more like:

<sessionState 
 mode="StateServer"
 stateConnectionString="tcpip=server:port"
 stateNetworkTimeout="number of seconds"/>

Solution: set the validationKey and decryptionKey manually:

<machineKey validationKey="blahblah" decryptionKey="blahblah" />

I think this is probably a bug in mono that these take on different values over server resets when auto-generated (which is the default).