To be honest, I have almost no experience with applications running in a shared hosting environment. Most of my clients completely control their web servers, and it is much, much easier to support.
But I do have one customer whose app is on a shared server. Previously it was on a fairly crappy hosting company, but recently they made the switch to HostGator. I think HostGator is probably pretty good, but it is challenging for someone like me who has not had to deal with restrictions on some of the server settings.
When we upgraded their app to ASP.NET 4.0, we started seeing session time-outs at 5 minutes. This application involves entering financial data from tax forms, and the users are generally new to the app. Five minutes simply wasn’t enough time for many users to find and enter their information. As it turns out, the problem was the Idle Time setting for the application pool – it was set to 5 minutes, and it wasn’t an option to change it. Crap.
After some research, it appeared to me that if we switched from InProc sessions to a SQL server session server, we could avoid this problem. I made the change to my test server, and it seemed like the app pool Idle time was no longer affecting session state. (Of note: the SQL Session State Server scripts want to create a SQL Server job, which isn’t possible in shared hosting either. I found this post useful for getting around this.)
Then we implemented the same change on the production site. Users were still getting knocked out of the system when they were inactive for more than 5 minutes. What?! I was pretty annoyed.
Then I ran across this StackOverflow answer, and I was able to solve the problem. It also explained why it was working on my test server and not on the live server – the test server had a <machineKey> section in the web.config, but the live server did not. So the problem was actually not session itself, but an expiring forms authentication ticket.
I hope this helps the next guy. I had a lot of problems finding explicit answers via my Google-fu about how to solve shared hosting limitations with ASP.NET session state.