2

I have below in my global.asax Session_Start

string myBrowser = Utils.SafeUserAgent(Request);
foreach (string bannedbrowser in BrowserBan.BrowsersToBan)
{
   if (myBrowser.IndexOf(bannedbrowser, StringComparison.OrdinalIgnoreCase) > -1)
   {
       HttpContext.Current.Response.Redirect("/bannedBrowser.htm");
       Session.Abandon();
       break;
   }

It prevents transcoders accessing o my site. but every now and then i get an error saying

System.Web.HttpException: Session state has created a session id, but cannot
  save it because the response was already flushed by the application.
    at System.Web.SessionState.SessionIDManager.SaveSessionID(
      HttpContext context, String id, Boolean& redirected, Boolean& cookieAdded)
    at System.Web.SessionState.SessionStateModule.CreateSessionId()
    at System.Web.SessionState.SessionStateModule.DelayedGetSessionId()
    at System.Web.SessionState.SessionStateModule.ReleaseStateGetSessionID()
    at System.Web.SessionState.SessionStateModule.OnReleaseState(Object source,
      EventArgs eventArgs)
    at System.Web.SessionState.SessionStateModule.OnEndRequest(Object source,
      EventArgs eventArgs)
    at System.Web.HttpApplication.SyncEventExecutionStep.System.Web
      .HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
      Boolean& completedSynchronously)

this only happens when I try to access it via (for example) Google Transcoder but I want to understand why it happens and how can I prevent it.

I have to abandon session so that on refresh user agent would re-evaluated.

Owen Blacker
  • 4,117
  • 2
  • 33
  • 70
nLL
  • 5,662
  • 11
  • 52
  • 87
  • As an aside: What you seem to be doing (preventing certain browsers from accessing a page) would be considered bad practice in most circumstances. You are probably relying on the User-Agent string sent by the client, which can easily be spoofed. If you merely wished to warn users about potential incompatibility issues, this would be reasonable. But from the language you use ("Banned Browser") I assume this is more than an incompatibility warning. You may already know this and have your reasons for doing it, of course. Just wanted to make sure you keep the pitfalls in mind. – Karmic Coder Sep 24 '09 at 18:00
  • It is a mobile site and sometimes users from google search comes to it via google's web transcoder which removes everything and kills user exprience. And some times people/members use gogole transcoder as proxy. – nLL Sep 24 '09 at 18:06
  • The answer is here: http://stackoverflow.com/questions/904952/whats-causing-session-state-has-created-a-session-id-but-cannot-save-it-becau/1966562#1966562 – Adi Apr 25 '12 at 12:45

2 Answers2

4

Have you seen this thread?

I encountered this exception (in a different context) and fixed it with the following ...

void Session_Start(object sender, EventArgs e) 
{
string id = Session.SessionID;
}
Robert Claypool
  • 4,262
  • 9
  • 50
  • 61
  • how would assiging sessionid to a string would help me? i don't need session id once i know it is a transcoder. I don't want to assign a session id once it is flushed as i need to check on next request if it is transcoder. – nLL Sep 24 '09 at 17:13
  • Supposedly, the `SessionID` get accessor has some side-effect behavior that causes the session ID to be initialized when it is accessed. The `Session_Start` event is probably early enough in the page life cycle that the session ID is safely saved at some point after that and doesn't produce the error in OP. So the point is not about obtaining the session ID string value, but about simply causing the `SessionID` get accessor to run. – JLRishe Feb 24 '14 at 08:00
2

Have you tried flipping the order of abandoning your session vs redirecting?

Session.Abandon();
HttpContext.Current.Response.Redirect("/bannedBrowser.htm", true);
JustLoren
  • 3,224
  • 3
  • 27
  • 34
  • i've done this but it'll take time to see the result as i don't get error on every transcoder request – nLL Sep 24 '09 at 17:14