Method to maintain Session: Some people say to set session.timeout=-1, or a number less than 0. This method is definitely not possible. The session calculation time is in minutes and must be an integer greater than or equal to 1. Someone else said to set session.timeout=99999. This doesn't work either, the session has a maximum time limit. After testing, I found that the maximum value is 24 hours, which means that the maximum you can have is session.timeout=1440, and 1441 is not allowed, haha. My test environment: win2003+IIS6.0+ASP3.0.
Therefore, it is impossible to make the session never expire by setting the expiration time of session.timeout. Writing into Cookies is a better method. There are many such tutorials on the Internet, so I won’t go into them here! Another method is to set up a hidden iframe in the page where the session is to be maintained. Every once in a while (this time is less than the session.timeout time), refresh the empty page in the frame! The implementation method is as follows:
Add the following to the session page where you want to keep it:
Copy the code code as follows:
<iframe width=0 height=0 src=/blog/SessionKeeper.asp></iframe>
Create the SessionKeeper.asp file in the same directory. XML/HTMLCopy code
Copy the code code as follows:
<html>
<head>
<meta http-equiv=Refresh content=900000;url=sessionKeeper.asp>
<!--Refresh yourself every 900 seconds in order to communicate with the server and keep the session from being lost-->
</head>
</html>
This method is relatively common, and there is another method similar to the above, but it does not use meta to automatically refresh nested iframes. He uses javascript:window.setTimeout(functionname(),10000); to automatically call a function at intervals. Of course, the function still needs to connect to an empty file. The specific method is as follows:
Add: JavaScript copy code to the session to be maintained
Copy the code code as follows:
<script id=Back language=javascript></script>
<script language=javascript>
function keepsession(){
document.all[Back].src=/blog/SessionKeeper.asp?RandStr=+Math.random();
//The RandStr=Math.random here is just to make the value of back.src different each time to prevent the refresh of the same address from being invalid.
window.setTimeout(keepsession(),900000); //Call itself every 900 seconds
}
keepsession();
</script>In this way, just create a sessionKeeper.asp file with empty content in the same directory!
The problem is not solved: There should be no problem with maintaining the session through the above method. The default value of IIS for clearing the session without request is 20 minutes. The time I set for each interactive service is much less than this value, but it takes about a day for me. After a lot of time, the session still disappears for no reason! depressed.
Later, I searched many places on the Internet and finally found the answer: It turns out that in order to protect the server, IIS has a recycling concept! After testing for a long time, I finally got a general understanding (don’t laugh at me^-^). Let’s first take a look at where this recycling is set up.
Start IIS Manager->Application Pool->Right-click->Properties->Recycle tab. There is one item that works by default, which is the first item: Recycle Work Process (Minutes). The default value is 1740 minutes, about 29 hours. . What does he mean? My personal understanding: All ongoing sessions will be automatically cleared 1740 minutes after session.timeout. This value can be set to a maximum of 4,000,000, which is approximately more than 2,700 days! I canceled it directly without him automatically recycling it! The problem is finally solved.
In addition, there are several other items in this properties dialog box:
The second item should be recycled when the number of connected users exceeds a certain number.
The third item is to automatically recycle it at a certain time.
In the Performance tab, shut down the worker process after being idle for this period of time. This is where the IIS default session.timeout time is set. The default value is 20 minutes. The maximum value here can also be set to 4000000, which is different from setting the maximum value of session.timeout to 1440 in the ASP page. I haven't tested whether setting a value greater than 1440 here will work. I think it should be possible. So why can the maximum value of session.timeout in the ASP page be only 1440, but it can be set so large in the properties of IIS? It should be a protection mechanism: any user can set the value of session.timeout on the ASP page, but only the administrator can set it in IIS. The two have different permissions, so the setting range is different.