There are several possibilities, I will list the most common:
- Your server (Stateserver) is being restarted and is saving sessions in memory
- Your database that stores sessions is being erased (someone cleans it) with some frequency
- User is using incognito (anonymous) browser navigation mode
- User is cleaning cookies and sessions manually or browser is set to do so when close
- User is switching browser (session is not maintained between browsers)
- At some point in your code you may have a
Session.Abandon() or lougout
In the global.asax you can put error handlers to take the exceptions that are not being handled and pick up some error that may not be reported or detected.
Complementing
The session can be configured differently in the authentication part and in the HTTP part, inside your web.config. I will explain. See the following example of web.config
<?xml version="1.0"?>
<configuration>
<system.web>
<sessionState timeout="20" mode="SQLServer" cookieless="false" sqlConnectionString="data source=servidor\SQL2012;user id=user_aspstate;password=aspstate"/>
<authentication mode="Forms">
<forms name="MeuAuth" loginUrl="Login.aspx" path="/" timeout="10000" protection="All"/>
</authentication>
</system.web>
</configuration>
Note that the authentication timeout is 10,000 minutes! The default value of this property is 30 minutes. sessionState is set to a 20 minute timeout, which is already the default value . NET sets for this property. If Forms has a lower timeout than sessionState it will happen before. And it may be that your web.config is with this little problem of different values.
It depends on how the user is coming and going. The session is identified by a cookie in the customer’s browser, whether it is using different browsers or whether the cookie is being lost, the session will not be identified.
– Andre Calil