after login, ASP session goes invalid after a while

[jochenwezel]

Reproduction steps:

• successfull user login with ASP.NET and classic ASP enabled on server
• ASP.NET and ASP stay logged in for several hours/days
• but at some point, ASP sessions won't be refreshed any more, some hours later, the user is not logged on at classic ASP (while still everything stays okay with ASP.NET)

[jochenwezel]

When a IIS server application restarts (e.g. by application recycle mechanisms, iisreset, server reboot), classic ASP is not able to re-use the existing cookie information to restore the session. For this, classic ASP can't re-establish the connection to the CIP session. After 12 hours, the ASP session data gets invalid. From this point, every request to ASP will be handled as without a login.

Workaround for user: the user has to logout completely (or close the browser completely) and re-login.