Session State Storage (on-premise)

Factors That Can Destroy A User's Session Object

• user clicks the Logout button
• user closes the browser
• the session object is 10 hours old
• rebooting the web server
• restarting IIS
• restarting the LobbyCentral application pool
• third-party scanning programs such as Anti-Virus, Malware, etc.
• low server memory

Types of Session Storage

LobbyCentral offers two types of session storage: In Process (default) and SQL Server.

• In Process storage: Objects are stored in the server's memory and controlled by IIS. This is why objects are destroyed if the server is rebooted or IIS is restarted.
• SQL Server storage: Uses a SQL database to manage session objects. This provides a more reliable method of retaining objects, as it is not affected if IIS or the LobbyCentral server is restarted (if SQL resides on a different server).

Temporary SQL vs Persistent SQL

SQL Session state can be configured as Temporary or Persistent. The difference between the two modes is, with Temporary, all sessions are lost if the SQL server is rebooted, or the service is restarted. Temporary is recommended for SQL Express installations.

How to Switch to SQL Session State

SQL Session state is recommended if users are constantly redirected to the Login page. Before proceeding, all users must be logged out. This includes kiosks and QMonitor.

Setting up Persistent SQL Storage (recommended for SQL Server)

1. Log into the LobbyCentral web server with an administrator account.

2. Go to c:\windows\Microsoft.NET\Frameworks\v4.0.30319

3. Create the ASPState database by executing this command: 

aspnet_regsql -ssadd -sstype p -S <dbServerName> -U <username> -P <password>  dbServerName: IP or name of the database server username: domain or SQL account that has db creator rights (using sa is recommended). password: user's password

4. Connect to the database server using SQL Management Studio.

5. Verify that the ASPState database was created.

6. Expand Security and right-click on Logins and select New Login.

7. Set the login name to 'sessionStateUser' and select SQL Server Authentication.

8. Enter a strong password.

9. Un-check" Enforce Password Expiration" and "User must change password".

10. Click User Mappings.

11. Check the Map box for the ASPState database.

12. Check "db_owner" under roles.

13. Click OK to save the account.

14. Make a backup of c:\program files\fuhr software\lobbycentral\web\Web.config

15. Open web.config in Notepad. Locate the <sessionState> tag and change it to the following:

<sessionState mode="SQLServer" sqlConnectionString="Data Source=<dbServerName>;User ID=sessionStateUser;Password <password>" timeout="720"/>  Parameters: dbServerName: IP or name of the database server password: user's password

aspnet_regsql -ssadd -S <dbServerName> -U <username> -P <password>

Testing The Configuration

Once the steps have been completed, perform a login test. If no errors are shown, the configuration was a success.

You can also verify that sessions are being written to the database by viewing the AspStateTempSessions table in the tempdb database for temporary, orASPState database for persistent.

Purging Expired Sessions

A SQL job is automatically created that will purge expired sessions from the table. By default, the job is configured to run every minute.

SQL Server Users

You can change this schedule by editing the ASPState_Job_DeleteExpireSessions job located in SQL Server Agent > Jobs.

SQL Server Express Users

You will need to manually execute the stored procedure DeleteExpiredSessions found in ASPState database > Programmability > Stored Procedures. It is recommended to run this script every 30 days.

Switching Back To In-Process Session State

1. Make a backup of c:\program files\fuhr software\lobbycentral\web\Web.config

2. Open web.config in Notepad.

3. Locate the <sessionState> tag and change it to the following:  <sessionStatetimeout="720"/>

4. Save and close the file.