2

I have Windows Home Server 2011 SP1 64bit. It's running IIS 7.5 and has a classic asp app on it. I'm getting per-client slowdowns every now and then. By this I mean that one specific browser will behave as if the server is not found. Other browsers on the same machine are fine, and other machines on the network are also fine.

I installed IIS7.5, then added my classic asp app. I configured the app pool to allow 32-bit access for my com, and I configured IIS to send me the actual errors. I've set common http headers - "http keep alive" and "expire web content immediately", to see if they help (no). This is about all I've changed.

The app doesn't have a database. It doesn't use integrated authentication. It doesn't interop with dotnet. It's not doing anything clever or complicated. If I reduce the problem to a page that sets a cookie and nothing else, the problem still comes up after a while.

Upon inspection of the browser when this happens, there are always multiple ASPSESSIONID cookies (e.g. more than 30). They look like this:

Cookie:ASPSESSIONIDSCRQTCBT=JCFJPAHDDFOOBJCDHCIPHDCH; ASPSESSIONIDCQQSTQAC=MAJHOOJCFEDLCLPNALLILMCL; ASPSESSIONIDAQTTRQBD=OGIPPIFDHODGGANGGPPJFJGI; ASPSESSIONIDQCCQCRBC=IINDIKMBMNABDJKMCKMFMFOF; __utma=104959943.97773051.1372652641.1372652641.1372652641.1; __utmc=104959943; ASPSESSIONIDSQDRCSCQ=JHCNKOADBNKDMCLKFFCCINJD; ASPSESSIONIDQSQQDDSQ=OLFFMCCDBBNCLDKEFEAEIONM; ASPSESSIONIDSSSBTCCD=NBLNLHMBEOANIGDHHLFHNENH; ASPSESSIONIDACQRATQT=DKJNFHODFIDJJBFEFMBEBBLB; ASPSESSIONIDQSSSRTDD=ICCNACFCIPMAHJEPHDJBNMPA; ASPSESSIONIDASDBABDS=PANLJLOCMFAFGHEEEGAPJNPM; ASPSESSIONIDASAACACS=PIDJNIPCLOJCKINLBLCBPJED;

etc ..

This horror is eventually followed by the couple of actual cookies I've set. I don't USE this ASPSESSIONID- what is it for, can I get rid of it? Is it likely to be a cause of my slowdown?

frumbert
  • 131
  • 1
  • 10

2 Answers2

3

It is very unlikely that the ASPSession cookie(s) have anything to do with your problem.

If you don't use session state within your ASP site, you can turn if off in IIS.

In IIS manager, select your site and click the ASP icon, at the bottom expand Session Properties and set Enable Session State to False, you will no longer have that cookie.

Why are there two? The classic ASP engine sets a cookie when it creates a session for a user, if for any reason, it looses that session (like the AppPool is recycled) it sets a new cookie for a new session. The browser keeps the old one, because it doesn't know that it is no longer valid the server.

Peter Hahndorf
  • 13,763
  • 3
  • 37
  • 58
  • yes, I'd tried that. But I am using session state quite a bit. I'm not just getting two, I'm getting thirty, fifty, ninety. It sounds like it is a recycle problem then. I'll play with that instead. – frumbert Feb 10 '14 at 22:42
  • I did some auditing at the traffic at out site and found some requests with HUNDREDS of ASPSESSIONID's. There's as much cookie bandwidth as there is regular bandwidth! – Brain2000 Jul 21 '16 at 14:47
0

I had this problem too. I think the maximum size for a domain cookie is 4k, so some weird behaviour I experienced was actually due to the 4k of space being filled with bogus ASPSESSIONID cookie data.

Anton's javascript solution here solved the problem for me: https://stackoverflow.com/questions/12783878/classic-asp-multiple-aspsessionid-in-cookies

Community
  • 1
James McCormack
  • 243
  • 1
  • 2
  • 7