Session data is lost when you use Group Policy on Web servers that host ASP.NET

Article translations Article translations
Article ID: 835386 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

When you use Group Policy to manage the file security of Web servers that host Microsoft ASP.NET, unexpected application restarts may occur, and you may lose session data for your ASP.NET Web applications.

CAUSE

If ASP.NET detects changes to application files and configuration files, ASP.NET recompiles modules and restarts application domains for security reasons. Similarly, if ASP.NET detects a change in the Machine.config file, ASP.NET restarts the ASP.NET worker process for security reasons. Therefore, when Group Policy applies a file security Group Policy Object (GPO), ASP.NET may detect changes to application files or configuration files and then recompile modules or restart either application domains or the ASP.NET worker process. When ASP.NET recompiles modules or restarts either application domains or the ASP.NET worker process, in-process session data is lost.

This problem occurs if you use the InProc session state mode to store session data on a Web server that uses GPOs to manage file security. When Group Policy applies a GPO, ASP.NET detects changes in the access control lists (ACLs) for folders that contain application files or configuration files. Therefore, for security reasons, ASP.NET restarts ASP.NET Web applications, and you may lose in-process session data.

WORKAROUND

To work around this problem, use either of the following workarounds:

Do not use GPOs

Do not use GPOs to manage file security on Web servers that host ASP.NET. If you must use GPOs on the Web servers, make sure that you do not use the GPOs on those parts of the Web server that host ASP.NET and ASP.NET applications.

Do not use the InProc session state mode

Do not use the InProc session state mode to store session data. Instead, use either the StateServer session state mode or the SqlServer session state mode to store session data.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
307598 INFO: ASP.NET state management overview

STATUS

This behavior is by design.

MORE INFORMATION

Both Group Policy and ASP.NET enhance Web server security. However, these two technologies (Group Policy and ASP.NET) use different approaches to enhance Web server security. Therefore, if you use these two technologies together, the problem that is mentioned in the "Symptoms" section of this article may occur.

REFERENCES

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
324772 PRB: Session data is lost when you use ASP.NET InProc session state mode
For more information, visit the following Microsoft Developer Network (MSDN) Web sites:
http://msdn2.microsoft.com/en-us/library/87069683(vs.71).aspx

http://msdn2.microsoft.com/en-us/library/aa374177.aspx

http://msdn2.microsoft.com/en-us/library/aa374162.aspx

http://msdn2.microsoft.com/en-us/library/system.web.sessionstate.sessionstatemode.custom(vs.71).aspx

Properties

Article ID: 835386 - Last Review: May 17, 2007 - Revision: 2.7
APPLIES TO
  • Microsoft ASP.NET 1.1
  • Microsoft ASP.NET 1.0
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows 2000 Server
Keywords: 
kbacl kbconfig kbwebserver kbgrppolicyprob kbpolicy kbstate kbprb KB835386

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com