ZimmertyZim
ZimmertyZim
PostsComments
CC#
Created by ZimmertyZim on 2/23/2024 in #help
ASP.NET Web Forms Session Loss in Load-Balanced Environment
We're encountering an issue with an older ASP.NET Web Forms application that is load balanced between servers. During user sessions, we're observing the ASP.NET_SessionId being lost midway through their journey, which redirects them back to the initial page of the application. Interestingly, disabling one of the web servers seems to alleviate the problem temporarily. We've already attempted adding a machine key as per common advice, but unfortunately, the issue persists. I'm wondering if there might be other factors at play that we're overlooking. Slightly off topic, but our client connects through a proxy, and while it might be a stretch, I'm considering whether their system could potentially be sending subsequent requests from different IP addresses, contributing to this problem. While this might not fall squarely within the domain of .NET/C#, any insights or suggestions would be greatly appreciated.
1 replies
CC#
Created by ZimmertyZim on 11/17/2023 in #help
Cache not clearing, what am I missing?
Does anyone know why this cache is not clearing? I am trying to implement simple rate limiting an and old MVC application. If a POST endpoint is hit too many times, return a 500/429. My approach: 
private bool IsAllowed(string controllerName, string actionName, string ipAddress)
{
    var isAllowed = true;
    var maxRequests = 3;
    var timeframeMins = 3;
    var cacheKey = $"{controllerName}-{actionName}-{ipAddress}";  
                
    MemoryCache cache = MemoryCache.Default;
    CacheItemPolicy policy = new CacheItemPolicy
    {
        AbsoluteExpiration = DateTimeOffset.UtcNow.AddMinutes(timeframeMins),
        Priority = System.Runtime.Caching.CacheItemPriority.Default,
    };

    if (cache.Get(cacheKey) == null)
    {
        cache.Add(cacheKey, 1, policy);
    }
    else
    {
        var hitCount = (int)cache.Get(cacheKey);
        hitCount++;
        cache[cacheKey] = hitCount;

        if (hitCount > maxRequests)
        {
            isAllowed = false;
        }
    }

    return isAllowed;
}
private bool IsAllowed(string controllerName, string actionName, string ipAddress)
{
    var isAllowed = true;
    var maxRequests = 3;
    var timeframeMins = 3;
    var cacheKey = $"{controllerName}-{actionName}-{ipAddress}";  
                
    MemoryCache cache = MemoryCache.Default;
    CacheItemPolicy policy = new CacheItemPolicy
    {
        AbsoluteExpiration = DateTimeOffset.UtcNow.AddMinutes(timeframeMins),
        Priority = System.Runtime.Caching.CacheItemPriority.Default,
    };

    if (cache.Get(cacheKey) == null)
    {
        cache.Add(cacheKey, 1, policy);
    }
    else
    {
        var hitCount = (int)cache.Get(cacheKey);
        hitCount++;
        cache[cacheKey] = hitCount;

        if (hitCount > maxRequests)
        {
            isAllowed = false;
        }
    }

    return isAllowed;
}
This cache item never expires. The same thing happens if I am using the HttpContext cache approach: ... 
HttpContext.Current.Cache.Insert(cacheKey,
                   1,
                   null,
                   DateTimeOffset.UtcNow.AddMinutes(timeframeMins),
                   Cache.NoSlidingExpiration,
                   CacheItemPriority.Low)

...

HttpContext.Current.Cache[cacheKey] = hitCount;
HttpContext.Current.Cache.Insert(cacheKey,
                   1,
                   null,
                   DateTimeOffset.UtcNow.AddMinutes(timeframeMins),
                   Cache.NoSlidingExpiration,
                   CacheItemPriority.Low)

...

HttpContext.Current.Cache[cacheKey] = hitCount;
etc. Any idea? I am testing this by running an external script that hits the end point multiple times. I can trigger the rejection, but the cache never clears, so the limiting/blocking always remains in place.
2 replies