In trying to improve the throughput of a classic ASP app I wrote last
year, I added monitoring to the application and session start and end
methods. For one, I'm counting the total number of sessions and the
high water mark. My monitoring has revealed a few interesting things.
1. The ASP application is being shutdown and restarted almost daily.
The hosting company swears that neither the machine (shared server)
nor IIS nor the application is being restarted. Is there any other way
the Application_OnStart and _OnEnd methods might be invoked?
2. I found in the app log that apparently one invocation of the app
was being shutdown while a new one was being started; i.e. the Startup
event for the new run was logged before the Shutdown Complete event
was logged (in the same file) for the old run. How is this possible?
3. At one point, about 40 new sessions were started up from one given
IP address, with 5-10 seconds between start events being logged. Does
this happen if the user has his browser's cookies disabled? How else
might this happen (except perhaps for deliberate DoS-style hacking)?
4. Because of (3) above, I think I want to limit the number of
concurrent sessions originating from a given IP address (I already
keep an application-level array that tracks the IP addresses of all
active sessions). To be least annoying to the end user, I presume I'd
want to kill older sessions rather than not allow newer sessions (in
case of browser crashing, for example). Is there a way to kill another
session by ID, or to instruct another session to kill itself?
Thanks
tbone