ASP.NET Session Expiration

I have an ASP.NET web application that, for whatever reason, when it is deployed on any IIS server, will behave like the pages are cached and it simply never posts back to the server.

For example, navigate to the login page, enter credentials, click the login button, and it's back to the login page you go, with the form fields cleared. The information is not getting submitted back to the server. The postback is not executing. It seems the browser is simply restoring the original page from cache.

I found this article that says I need to put something in the ASP.NET session state in order for the session to remain valid.

When a user connects to an ASP.NET application, a开发者_StackOverflow社区 unique session ID will be affiliated with the user. If nothing is put in the session however, no cookie will be sent to the browser. This means that the user will get a new session ID the next time a new url is open or the page is refreshed. If something is put on the session (HttpContext.Current.Session["Hello] = "hello") however, ASP.NET will issue a cookie called ASP.NET_SessionId. This cookie contains the user's session ID and the cookie will expire at the end of the session (when you close your browser).

I will try what that article recommends, as I had not been storing anything in the session.

I have also added expiration headers to the page:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Response.Cache.SetNoStore()

and put some meta tags in the html:

<meta http-equiv="pragma" content="no-cache" />
<meta http-equiv="cache-control" content="no-cache" />  

Any other ideas as to what the cause of this behaviour may be?

The issue was related to IIS.

The Directory Security for the web application was set to run only under anonymous access with a local user account and application pool specifically created for the application.

Turns out, Integrated Windows Authentication and Enable anonymous access must both be checked otherwise you'll get this weird behaviour.

FWIW, the ASP.NET web application is running in a FRAMESET/FRAME under a classic ASP site and the issue only occured when accessing the site from the local network. It worked fine externally. It also worked on the local network the first time it was accessed, then the session cookie would need to be cleared for it to work again.

This does not sound like a session state problem. It sounds like a problem with your Sub Page_Load

Is it just the login page that this happens to? If you've tried this on several IIS servers it would seem that something in your page is off. A standard install of IIS and a simple ASPX page with a button will cause a postback without having to do anything at all. If you aren't seeing that, then it must be something on that page. Try creating a very simple page with just a label and button and verify that you can see the post back and the page_load (like RichO said) are working correctly.

What sort of server configuration are you you using? It's a long shot, but sessions are server-specific: if you have multiple web servers, subsequent page loads may behave (correctly) as if the session was never set.

Make sure you have cookies enabled in your browser. Session storage requires cookies.

If this is happening on your dev box, set a breakpoint in your page_load (assuming you're not using MVC) or your POST controller action to see what's actually happening server side.

Also, try hitting this through an HTTP sniffer (like Fiddler) to see what's going over the wire.