Web Requests do not use same session identifier

Question

Problem: In the ASP.NET Web Forms app Session_ID is different for every single Web request. Related ASP.NET_SessionId cookie is not appearing in the firebug.

While researching I found out that Session Cookie disappears right before PostReleaseRequestState event is fired.

Currently found a solution that customizes session-state module implementation. See SessionStateUtility Class (MSDN). While adopted to the app this sample seems to fix all the known problems but this solution is just not clean enough as for me, isn't it? If so what can be a problem here?

Related config source part looks like:
<sessionState mode="InProc" stateConnectionString="***" sqlConnectionString="***" cookieless="false" timeout="20"/>

Thanks.

So, you're saying that the session id cookie is getting destroyed/recreated on each request? — crush, Jan 29 '14 at 15:18
@AndreaScarcella No load balancer at least so far. I didnt write anything to session and that seems to be a problem. Just tried out to write smth on PostRequestHandlerExecute event and that worked for me. Thanks a lot! — user2591056, Jan 29 '14 at 15:59

score 2 · Accepted Answer · edited May 23 '17 at 10:25

2

As documented in this answer https://stackoverflow.com/a/2874174/741695, ASP .NET does not allocate storage for session data until the session object is used.

In short, you can either implement Session_Start in Global.asax and store some dummy data in the Session object to fix its SessionID or you cna do the same somewhere else in your application code.

Hope this helps.

References:

https://stackoverflow.com/a/2874174/741695

http://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate.sessionid.aspx

edited May 23 '17 at 10:25

Community

1
1

answered Jan 29 '14 at 15:34

Andrea Scarcella

3,233
2
22
26

I found that having a global.asax was sufficient to keep the SessionID the same, and had no need to insert dummy data into Session. – mason Jan 29 '14 at 15:53
Thanks for your feedback, but did you happen to acutally use the Session object elswhere in your application? – Andrea Scarcella Jan 29 '14 at 15:56
@AndreaScarcella Well, this problem came out to be blocking for various tasks. I was not researching deeply before few use cases for session appeared. Particularly, it is the custom logging mechanism, also integration tests that for a couple of reasons have to store progress of test execution in user session. One more usage I suppose will be storing user profile properties which are used in our custom user access control system (data is stored in asp.net profile but session should be used to provide some stress testing reliability) – user2591056 Jan 29 '14 at 16:10
@msm8bball You should be right, but one more thing that I did not mention is that we can not have global.asax because we are sitting on Umbraco 4.7. Thanks for the feedback. – user2591056 Jan 29 '14 at 16:12
@user2591056 thanks for your reply, added context is extremely helpful. – Andrea Scarcella Jan 29 '14 at 16:36
@msm8bball Thanks for your feedback, but did you happen to acutally use the Session object elswhere in your application? (This comment was originally intended for you, sorry for the confusion) – Andrea Scarcella Jan 29 '14 at 16:37
1

@AndreaScarcella Nope. I just needed a Session ID and did not use the Session object. Adding a global.asax was sufficient to keep the SessionID constant. – mason Jan 29 '14 at 16:39

Web Requests do not use same session identifier

1 Answers1