WCF: Session timeout per call
I have a WCF service with instance context mode set to PerCall and using wsHttpBinding. A poorly programmed client has the ability to consume sessions without releasing them properly (i.e., the client does not call Close () on the client's proxy). Looking at the "Percent of Max Concurrent Sessions" performance counter, I can see that every connection is consuming a session and not releasing it. Under normal, correct circumstances, the session is only used for a few moments while the call results are returned.
I am trying to find a way to turn off these bad sessions and get away, but with no success. Since this is not a trusted session, the RecieveTimeout and InactivityTimeout settings have no effect. Here's a part of my current config that has a lot of timeouts set in it but doesn't seem to work:
<behaviors>
<serviceBehaviors>
<behavior name="UpdaterBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/>
<serviceCertificate findValue="xxxxxx" x509FindType="FindBySubjectName"/>
</serviceCredentials>
<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="SqlRoleProvider"/>
<serviceThrottling maxConcurrentCalls="10" maxConcurrentSessions="10" maxConcurrentInstances="10" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="UpdaterBinding" messageEncoding="Mtom" maxReceivedMessageSize="100000000" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:01:00" sendTimeout="00:01:00">
<reliableSession ordered="true" inactivityTimeout="00:01:00"
enabled="false" />
<readerQuotas maxArrayLength="100000000"/>
<security>
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
I can set the service numbers to be much higher, but that just hides the problem for a while, and eventually the bad client will use all sessions. I want the server to release any session that has been for more than a few minutes since there is no reason this service should take a long time.
Any suggestions?
source to share
Ok, I may be completely out of base, but based on what I understood from your question, here is a possible solution:
Obviously you can get a list of active sessions, but you cannot end the session from the service side:
http://social.msdn.microsoft.com/Forums/en/wcf/thread/a6a72bd7-bd06-43e3-8abb-d6c10432a07b
One thing I can think of is that if you are hosting a WCF service in IIS, you can create a Windows service that runs on the server and see active sessions. Maybe you can figure out when the session build is unmanaged for the server and force it to restart the IIS application pool?
source to share
One option for orphaned sessions is to configure wsHttpBinding to not use any session-specific functionality (such as reliable messaging, which is now configured by the service).
If you have a business need that requires reliable messaging, go to netMsmqBinding to get guaranteed message delivery, but at the cost of designing around a one-way messaging pattern. DeviantSeev is correct that you cannot control logging out of the service, but the solution it recommends is pretty radical. This is not realistic if you have a high volume environment such as an e-commerce site due to downtime caused by reusing the application pool.
source to share