.NET MVC3, how to avoid session restart in 100 MB application pool

Posted on Monday, 27 June 2011 by nestor in How To

We recently had some problems with one our host servers, they set a limitation of 100 MB memory for dedicated application pools. While is understandable they set such a limit, problem is that limit is very low for .net mvc websites, since an empty website already needs 30 MB, so as soon as you add database and get traffic, it easy goes above 100 MB, causing the application pool to restart and session is lost having all your visitors logged out.

What you can do? You can optimize your mvc application, you can get a virtual or dedicated server, or you can use another way to keep your session.

We chose the last one, in the meantime we found ways to optimize our mvc websites to run under 100MB.

SessionState = StateServer

By default, .net websites use in-proc session state to keep session information, in-proc sessions are kept in the application pool. So, to avoid depending on the application pool, you can use out-proc session state, to do so set the .NET session state mode to StateServer inside the <system.web> section:

<system.web>
    <sessionState mode="StateServer" cookieless="false" timeout="20"/>
    <authentication mode="Forms">
        <forms loginUrl="~/Account/Login"/>
    </authentication>
</system.web>

If this still doesn't work (session keep reseting), means the StateServer mode still not being used. Then you can try adding a machineKey, you can generate one here:

<system.web>
    <sessionState mode="StateServer" cookieless="false" timeout="20"/>
    <machineKey
        validationKey="59361B5E99D541785FF6EBA8650E08CC87428B34DBB6C68B401CE07ECEBE886EC3413E59C53FC46A31F6FCCADAED2A14CCC27E63DAD789CCDF20191F0612E3B3"
        decryptionKey="E0289E75B93F90F755AC3A7F4B2A5F4FBDD2091A9B193A3BBCF5F4AFB23E64EF"
        validation="SHA1" 
        decryption="AES" />
     <authentication mode="Forms">
        <forms loginUrl="~/Account/Login"/>
    </authentication>
</system.web>