开发者

Re-enable ASP.NET session that caused IIS hang

开发者 https://www.devze.com 2023-02-02 07:38 出处:网络
I\'m trying to implement some fail safes on a client\'s web server which is running two of their most important sites (ASP.NET on IIS7).I\'m going to set up application pool limiting so that if any w3

I'm trying to implement some fail safes on a client's web server which is running two of their most important sites (ASP.NET on IIS7). I'm going to set up application pool limiting so that if any w3wp process uses 90%+ CPU for longer than a minute then it gets killed (producing a temporary 503 Service Unavailable message to any visitors), and based on my local testing will be restarted within a minute - a much better solution than having one CPU-hogging process taking down the whole server for any length of time.

This seems to work, however during my fiddling on my local IIS7 instance I've noticed that if a request calls my "Kill.aspx", even when the site comes back up IIS will not serve the session that caused it to hang. I can only restart the test site from a different session - but as soon as I clear my cookies on the "killer" browser I can get to the site again.

So, whatever malicious behaviour IIS is trying to curb with this would not work against an even slightly determined opponent. In most cases, if excrement does hit fan it will be coding/configuration error and not the fault of the user who happened to request a page开发者_如何学运维 at that time.

Therefore, I'd like to turn this feature off as the theoretical user would have no idea that they need to clear their cookies before they can access the site again. I would really appreciate any ideas on how this might be possible.


Yous should be using ASP.Net Session StateServer instead of In-Proc (see msdn for details). That way, you session will run in different process and won't be affected by IIS crash.


Turn what "feature" off? If the worker process is reset (and your using in-proc session) then the session is blown away on a reset.

You might want to investigate moving your session storage to a state server or some other out of process scenario.

Also, you might want to set the application pool to use several worker processes (aka: web garden) this way if one process is killed the others continue serving content.

Next, as another option you might want to set up multiple web servers and load balance them.

Finally, you might want to profile the app to see exactly how they are causing it to spin into nothingness. My guess is that there are a number of code issues you are simply covering up with this idea.

0

精彩评论

暂无评论...
验证码 换一张
取 消