ASP.NET sessionState SQLServer mode timeout doesn't work

Question

I've configured the sessionState to use the custom SQL server below and set it to be expired after 1 minute. It seems like the session always remain on the browser and sql server. I even set the regenerateExpiredSessionId to false and still having the same problem. I am running asp.net 4.0 under IIS 7 windows 7 pro.

My web.config configuration

<sessionState mode="SQLServer" allowCustomSqlDatabase="true" sqlConnectionString="Data Source=MYCON\SQL2008REXPRESS;Initial Catalog=DBASPState; User ID=DB1543Write;Password=test" timeout="1" sqlCommandTimeout="10" regenerateExpiredSessionId="false" stateNetworkTimeout="10" compressionEnabled="true" cookieless="false" />

I've checked the table ASPStateTempSessions in the sessionstate database and saw records within it. Read and write, owner permission is current configured with urrent user of this database. There is no errors from "Even Viewer".

I've checked the value from the ASPStateTempSessions table and below it seems like the session is off compare to 5 hours compare 1 minute. It seems like asp.net configured it to be expired within 1 minute using another timezone instead of the current machine timezone.

My current time is 12/17/2011 11:29 AM Database columns had the value CreatedDate(column) 2011-12-17 17:29:01.677 Expires(column) 2011-12-17 17:30:03.903

Full details on the database value is below.

The first record is when i first visit my website

SessionId, Created, Expires, LockDate, LockDateLocal, LockCookie, Timeout, Locked, SessionItemShort, SessionItemLong, Flags
0wtp4j0traj5e0gydygkyoe22476b033    2011-12-17 17:29:01.677 2011-12-17 17:30:03.903 2011-12-17 17:29:03.873 2011-12-17 11:29:03.873 11  1   False   <Binary data>   NULL    0

After I pressed the "Refresh" button on my browser, the record was updated with the new expired time but the session information is still there

0wtp4j0traj5e0gydygkyoe22476b033    2011-12-17 17:29:01.677 2011-12-17 17:37:08.910 2011-12-17 17:36:08.907 2011-12-17 11:36:08.907 13  1   False   <Binary data>   NULL    0

Any ideas?

Answer 1

The expiration time is UTC.

When SQL sessions expire, they are not immediately removed from the session table, nor will you receive a Session_End event.

The SQL session provider doesn't actively monitor the Expires column in the session table. Instead, sessions aren't "officially" expired until they are removed from the table, which is done with a SQL Agent job that calls the DeleteExpiredSessions stored procedure. By default, the job is configured to run every 60 seconds. Of course, this means that SQL Agent needs to be running for session expiration to work. It also means that you need to wait at least 60 seconds after "nominal" expiration before "actual" expiration happens.

You can force expirations by calling the SP yourself, if you need to.