In terms of IIS, a LS app is just another web app, so all the same rules apply such as Forms Session cookies. I had taken care to set session timeouts, but still was having timeouts at random times which left me confused; until I realized application pool restarts wipe out the session state on the server. So you need a way to persist session state across AppPool restarts (and server restarts). If you are using 3rd party Hoster, your app pool is normally shared across all sites on the server. So you should assume your app pool is restarting all the time for various reasons (configuration changes, memory pressure, maintence, etc) The easiest way to store session state is the use the ASP.NET State Service. Here is the process:
1) Start the ASP.NET State Service and change to automatic startup. Your hoster may already have it started. Arvixe does for example.
2) Update your LS web.config in the ServerGenerated folder. Add or change the authentiation element and sessionState element using below as a guide.
3) Deploy your app again and browse to your application or Hit F5 if already open to pull down new version and update session.
<forms name=”MyAppName” timeout=”1440″ />
<sessionState mode=”StateServer” cookieless=”false” timeout=”1440″ />
You can also view or change your application’s session state in IIS MMC in the Session State icon. It is best to add to your LS web.config as it will persist across deployments.
Hope that helps.