I am having a problem with the state of an In-Proc session.
Our application is based on the MVC 3.NET platform and is integrated into our site with Sitecore CMS support.
Our users experience an “object link not set to an object instance” randomly through the application stream.
After extensive logging and tracing, we can conclude that this was caused when the session object returned null.
Here are some details about what we found and what we know.
- The session ID is constant for the same user and passes all the way to the application correctly.
- I do not think this is a problem with the code, because it only happens during production in an arbitrary interval, never happens in a local, dev or intermediate environment.
- There are two production servers working through a load balancer.
- This is not a server problem, because we tested one of the servers asleep and having all the traffic traffic to one server. In addition, by logging, we can determine that the user is clicking on the same server, but the session has become null.
- This does not seem to be a problem with the client, because they can successfully complete the application, even if they had previously encountered an error.
- This, apparently, is not a problem of traffic loading or server loading, because it happens every other day at random time and happens to random users during.
- This does not seem to be caused by reusing the application pool.
- This does not seem to be caused by the session timeout, since we set the timeout to two hours, and while we are tracking the log, users can experience this 5-10 minutes per thread.
Note: we must use In-Proc session state due to our Sitecore CMS. Therefore, a design change is not an option.
I have a theory that may have something to do with blocking the session or be corrupted by simultaneous access attempts.
In several places, we often encounter this problem with our application when users are redirected to javascript (windows.location).
And in areas where asynchronous aynax calls are made.
We scratched our heads a bit, I wonder if any of you can understand or the theory of what might be the problem?
thanks
Added Note:
@Mystere && @ H27Studio, so I also found something related to sessionID or session reset problems. In some cases, we find that when the page is redirected, it launches two repeated GETS calls for the method, while the first call skips the session identifier and is accidentally redirected to one of the servers (this is due to the fact that a constant server session from the load balancer is based on the client IP , sessionID, and other header information to create a unique session to support the client on the same server). This happens every time during a stream when our redirect page uses window.location.
This will cause an "Object reference not set .." error for the client, if bad, no call to sessionID has reached the same server. (This is likely due to the fact that the first bad call without sessionID calls the application to create a new session, which overrides the original session object). Thus, even on the second call, in which the correct sessionID password is passed to the application, we find that the session object contains zero.
So, I believe that there is a problem with a duplicate call that clears the session object, which is not sure why or what causes this to start.
Does anyone know about this? Thanks
Update: We plan to take these steps in the hope of resolving this issue.
- We have problems in areas where Async Ajax calls were created, so we plan to remove the Async function and let it perform Ajax synchronization.
- We have problems with javascript redirecting windows.location. We created an alternative method using postback in the hope of fixing a problem in this area.
- Other areas that are not related to one of the above problems are still in the air.
The effect of the change will be published after we deploy it for production.
Thanks for all the comments.