I have been able to significantly improve this admin session issue but i would not consider it a complete fix yet. The issue centres on the managing of sessions across web farms and given then the majority of users experiencing this are debugging on a hosted environment that stands to reason. The app is tested and works as expected in a local dev environment but when deployed to a hosted environment session state is not maintained.
The steps that I have taken to eliminate this are as follows.
Add the following attributes to the web.config pages section.
maxPageStateFieldLength="40"
enableEventValidation="false"
viewStateEncryptionMode="Never"
enableViewStateMac="false"
e.g <pages theme="DarkOrange" maxPageStateFieldLength="40" enableEventValidation="false" viewStateEncryptionMode="Never" enableViewStateMac="false">
Add a machine key to the system.web section
<machineKey validationKey='Your key' decryptionKey='Your key' validation='SHA1'/>
Now you are not auto generating a key which is not as secure, if someone can get access to your config file then they have the decryption key to decrypt your view state. Weigh that up against not being able to the the admin area.
Of the 4 attributes to the pages section I believe all you need is the enableviewstatemac = false, the other three are left over from my testing and I had planned to change them back to guage the result.
BTW – I am getting viewstate errors in the nopcommerce admin logs which I havnt looked at in any detail but at least it looks like we’re on the right track to a hosted session solution.
Any further feedback would be most welcome.
E