On a production environment I have an IIS hosted asp.net application, actually many web applications. Every app consumes a lot of memory but at the moment the only way to limit it is recycle (nHibernate seems to be leaking memory, and it's creating large amount of string collections). The problem is that after the recycle it keeps loging users out or rather dropping the session ? On local computer I couldn't recreate the issue. I've tryed using state server with no luck, the issue contined, would SQL State saving chane anything or am I just miss leaded or missing something ?

When the application pool is recycled all sessions are lost if the session data is stored on memory (InProc, default).

Sessions are created by placing a cookie with a key in the user's browser and keeping that key on the server state machine.

If you use a SQL Server to store your sessions, you'll avoid the server loosing the session information. Session-State modes on MSDN.

The answer was surprising and it was related to view state errors that I logged in my application, I found a proper explanation on one of the MSDN sites, this line in particular :

regarding machineKey

"[...] When the application pool is running under a user account, the above keys are not generated leading to an intermittent invalid viewstate error."

In conclusion all that had to be done was generating a machine key and recycle is not causing users to re-authenticate anymore.

You wrote you tried StateServer mode, but stateserver mode works like sqlserver If I don't know it wrong. StateServer can be started from windows services and within your web.config you can set your servers ip address (which state server is started and working).

If stateserver doesn't work for you somehow, I doubt sql server will. Problem might be in another area I feel.

ASP.NET session state supports several different storage options for session data. Each option is identified by a value in the SessionStateMode enumeration. The following list describes the available session state modes:

InProc mode, which stores session state in memory on the Web server. This is the default.

StateServer mode, which stores session state in a separate process called the ASP.NET state service. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.

SQLServer mode stores session state in a SQL Server database. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.

Custom mode, which enables you to specify a custom storage provider.

Off mode, which disables session state.

You can specify which mode you want ASP.NET session state to use by assigning a SessionStateMode enumeration values to the mode attribute of the sessionState element in your application's Web.config file. Modes other than InProc and Off require additional parameters, such as connection-string values as discussed later in this topic. You can view the currently selected session state by accessing the value of the HttpSessionState.Mode property.