Databases
StackOverflow2013
Postsdbo
POHow to protect application pools from session serialization exceptions?
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POHow to protect application pools from session serialization exceptions?
    text
    copied!<p>We're using an Out-of-Process Session Provider (<strong>ScaleOut</strong>) for an ASP.NET application and we've noticed that <em>when</em> an object that's not correctly setup for de-serialization inadvertently makes its way into session it will <strong>eventually cause the entire process to terminate</strong>. </p> <p>Reproducing and handling this scenario is where it gets even more interesting.</p> <p>The exception that terminates the process is raised in <strong>AnyStaObjectsInSessionState</strong> whose implementation is pretty straightforward:</p> <pre><code>internal static bool AnyStaObjectsInSessionState(HttpSessionState session) { if (session != null) { int count = session.Count; for (int i = 0; i &lt; count; i++) { object obj2 = session[i]; if (((obj2 != null) &amp;&amp; (obj2.GetType().FullName == "System.__ComObject")) &amp;&amp; (UnsafeNativeMethods.AspCompatIsApartmentComponent(obj2) != 0)) { return true; } } } return false; } </code></pre> <p>Here's the stack trace that shows how exceptions here terminate the process:</p> <pre><code>An unhandled exception occurred and the process was terminated. Application ID: /LM/W3SVC/1/ROOT Process ID: 4208 Exception: System.Runtime.Serialization.SerializationException Message: The constructor to deserialize an object of type 'Lucene.Net.QueryParsers.ParseException' was not found. StackTrace: at System.Runtime.Serialization.ObjectManager.CompleteISerializableObject(Object obj, SerializationInfo info, StreamingContext context) at System.Runtime.Serialization.ObjectManager.FixupSpecialObject(ObjectHolder holder) at System.Runtime.Serialization.ObjectManager.DoFixups() at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage) at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage) at System.Web.Util.AltSerialization.ReadValueFromStream(BinaryReader reader) at System.Web.SessionState.SessionStateItemCollection.ReadValueFromStreamWithAssert() at System.Web.SessionState.SessionStateItemCollection.DeserializeItem(String name, Boolean check) at System.Web.SessionState.SessionStateItemCollection.DeserializeItem(Int32 index) at System.Web.SessionState.SessionStateItemCollection.get_Item(Int32 index) at System.Web.SessionState.HttpSessionStateContainer.get_Item(Int32 index) at System.Web.Util.AspCompatApplicationStep.AnyStaObjectsInSessionState(HttpSessionState session) at System.Web.HttpApplicationFactory.FireSessionOnEnd(HttpSessionState session, Object eventSource, EventArgs eventArgs) at System.Web.SessionState.SessionOnEndTargetWorkItem.RaiseOnEndCallback() at System.Web.Util.WorkItem.CallCallbackWithAssert(WorkItemCallback callback) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading._ThreadPoolWaitCallback.PerformWaitCallbackInternal(_ThreadPoolWaitCallback tpWaitCallBack) at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state) InnerException: System.Runtime.Serialization.SerializationException Message: The constructor to deserialize an object of type 'Lucene.Net.QueryParsers.ParseException' was not found. StackTrace: at System.Runtime.Serialization.ObjectManager.GetConstructor(Type t, Type[] ctorParams) at System.Runtime.Serialization.ObjectManager.CompleteISerializableObject(Object obj, SerializationInfo info, StreamingContext context) </code></pre> <p>We would like to understand two things:</p> <ol> <li><p>When does <strong>FireSessionOnEnd</strong> fire for an out-of-process provider and, more importantly, how can we mimic this in a development environment that's not under load? I've experimented with lowered session timeouts (set to a minute), manually invoking Abandon(), and manually invoking GC.Collect(), all to no avail. </p></li> <li><p>Can we trap errors that happen at this step to protect the app pool? The exceptions raised here are logged w/ <strong>Source=ASP.NET 2.0.50727.0</strong> and don't reach the application error handlers in global.asax. What can we do to guard against this scenario, even after appropriate checks &amp; balances are applied to session-bound objects?</p></li> </ol> <p>Any insights would be appreciated.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload