How to protect application pools from session serialization exceptions?

后端 未结 3 1951
逝去的感伤
逝去的感伤 2021-02-09 05:52

We\'re using an Out-of-Process Session Provider (ScaleOut) for an ASP.NET application and we\'ve noticed that when an object that\'s not correctly setu

3条回答
  •  囚心锁ツ
    2021-02-09 06:15

    We were able to resolve this issue with the help of SOSS technical support – they were tremendously helpful – here are the details:

    • Upon session expiry, SOSS raises an expiration event in its client libraries, which in turn are responsible for firing Session_End in Global.asax (N.B: ScaleOut load balances expiration events across clients, so the web server that created the session may not necesarily receive its expiration event - this is critical for trying to reproduce these issues).
    • Because this happens outside the context of a request, the exception is unhandled and kills the app pool;
    • It’s an extremely uncommon scenario but one that they will nonetheless address in upcoming maintenance releases;
    • The remedies are as follows:

      1. Fix the System.Exception-derived type (that’s serializable but not unserializable);

      2. Remove Session_End events in Global.asax or disable the expiration events (max_event_retries set to 0 in soss_params.txt);

      3. In these scenarios, it’s likely that the user encounters a SerializationException on one of their requests, meaning it reaches Application_Error; here you can clear the session keys (must clear all of them) or abandon the session outright;

      4. Subscribe to AppDomain.UnhandledException to be notified of unhandled exceptions, should they occur (no recourse here, just logging); they can also be disabled via legacyUnhandledExceptionPolicy (not recommended);

提交回复
热议问题