S
steventhrasher42
I very likely may be missing something here, but what stops a user from
holding down the F5 key in their browser and generating hundreds of
requests to IIS and thus tying up server resources?
If session state is enabled (enableSessionState=true), all of these
requests get queued and processed one after another.
And if the user finds a particular page with poor enough performance,
say one that takes a few seconds to render, by holding down the F5 key
for a minute, he can queue up hundreds of requests and tie up the
server spiking it's cpu for an hour or even hours.
I've tested this and used the Performance Monitor to confirm this is
what goes on.
Shouldn't there be a feature of IIS or ASP.NET that allows you to limit
the number of requests per ASP.NET session so this is avoided?
holding down the F5 key in their browser and generating hundreds of
requests to IIS and thus tying up server resources?
If session state is enabled (enableSessionState=true), all of these
requests get queued and processed one after another.
And if the user finds a particular page with poor enough performance,
say one that takes a few seconds to render, by holding down the F5 key
for a minute, he can queue up hundreds of requests and tie up the
server spiking it's cpu for an hour or even hours.
I've tested this and used the Performance Monitor to confirm this is
what goes on.
Shouldn't there be a feature of IIS or ASP.NET that allows you to limit
the number of requests per ASP.NET session so this is avoided?