SessionID keeps changing in ASP.NET MVC why?

Question

I am trying to keep track of something and using the SessionID as they key to that object

However the SessionID every 2-3 reqiests changes shouldn't it remain the same?

HttpContext.Session.SessionID

Is the code I am using.

score 51 · Accepted Answer · answered Nov 12 '08 at 08:40

51

I've seen that happen even without MVC. If I remember correctly, ASP.NET keeps assigning new session ids until you place something into the Session variable.

answered Nov 12 '08 at 08:40

Maxam

4,043
2
24
25

it looses session even if you put something into it. Machine key inside web.config is the only thing that addresses that issue – Hrvoje Hudo Nov 12 '08 at 15:06
Only if there was a web farm involved. And if you read the OP's comment in one of the answers, you'll find that adding an item to the session variable did fix the problem. – Maxam Nov 12 '08 at 15:41
My hosting provider doesn't have web farm, and adding stuff to session don't fix it. I still loose it after few minutes - even if i have lot of stuff in session (loged user, his shop basket,...) I tried with 2 hosting providers – Hrvoje Hudo Nov 13 '08 at 09:40
This is rather strange behavior but it is true, assigning any data to Session collection solves this problem. – zidane Sep 23 '09 at 07:37
3

See [stackoverflow.com/questions/2874078/asp-net-session-sessionid-changes-between-requests](http://stackoverflow.com/questions/2874078/asp-net-session-sessionid-changes-between-requests) for more information. – Neville Cook Aug 19 '11 at 14:34
Brilliant! Same behavior in Razor pages as well. – PepitoSh Mar 14 '19 at 10:14

score 28 · Answer 2 · edited Oct 30 '15 at 11:22

28

You should initialize the Session object within Global.asax.cs.

void Session_Start(object sender, EventArgs e)
{
    HttpContext.Current.Session.Add("__MyAppSession", string.Empty);
}

This way the session will not change unless your browser window is closed.

edited Oct 30 '15 at 11:22

Joseph Woodward

9,191
5
44
63

answered Apr 29 '11 at 18:04

javierlinked

553
6
6

score 5 · Answer 3 · edited Jan 28 '17 at 22:40

5

I am working on a .NET MVC cart application and I added

Session["myVar"] = "1234";

to the Page_Load method found in the Default.aspx.cs code. I also added

<%=  this.Session.SessionID %>

to the Site.Master footer. I then rebuilt my app and browsed the various pages of my app and the footer displays the same session id for all pages as expected!

edited Jan 28 '17 at 22:40

Gareth

5,140
5
42
73

answered Jan 19 '09 at 18:52

robnardo

921
11
27

score 3 · Answer 4 · answered Oct 28 '10 at 23:18

If you look the seession ID cookie is not even sent to the browser unless it's used on the server.

So when a page roundtrips there is no current session ID cookie, so a new session ID is created, hence it is random.

This is logical, why bother tying up the app to a session if the session is not in use?

score 2 · Answer 5 · answered Nov 11 '08 at 19:37

2

I would look into using TempData to keep track of something.

answered Nov 11 '08 at 19:37

MrJavaGuy

676
4
8

Actually all I had to do was assign a session variable a value and that made it stick.. – dswatik Nov 11 '08 at 19:44

score 0 · Answer 6 · answered Jan 20 '14 at 21:23

0

I was having the same problem using ASP.NET Web Forms. I just had to add a global.asax file to the solution and the fixed it for me.

answered Jan 20 '14 at 21:23

Flea

11,176
6
72
83

score 0 · Answer 7 · answered Nov 12 '08 at 08:35

Try with adding machine key into your web.config:
Online key generator: http://aspnetresources.com/tools/keycreator.aspx It seems that server resets machine key for client and generates new one with new session id, every few minutes, which is much lower than it should. Don't know if that's bug or feature:)
Also, you can increase your session state timeout, which is i think 20min by default.

score 0 · Answer 8 · answered Mar 23 '16 at 01:36

Summing up answers from @jrojo and @Maxam above, with what I am using.

I am using AWS DynamoDB as the session store (out of scope of the question a little, but gives sample).

Add package via NUGET: Install-Package AWS.SessionProvider

Update Web.config to have keys in appSettings:

<add key="AWSAccessKey" value="XXX" />
<add key="AWSSecretKey" value="YYY" />

And session provider to system.web:

<sessionState timeout="20"
              mode="Custom"
              customProvider="DynamoDBSessionStoreProvider">
  <providers>
    <add name="DynamoDBSessionStoreProvider"
      type="Amazon.SessionProvider.DynamoDBSessionStateStore, AWS.SessionProvider"
      AWSProfilesLocation=".aws/credentials"
      Table="ASP.NET_SessionState"
      Region="us-east-1"
      />
  </providers>
</sessionState>

Add anything to session in global.asax on session start:

void Session_Start(object sender, EventArgs e) {
  HttpContext.Current.Session.Add("somethingToForceSessionIdToStick", string.Empty);
}

Verify by adding this to razor of any page. Refresh that page, then open an ignito window and see a different session:

@HttpContext.Current.Session.SessionID

BobsYourUncle

score 0 · Answer 9 · answered Jan 04 '22 at 16:59

0

please see if you have set the cookie samesite attribute to strict.

remove cookieSameSite="Strict" and check.

answered Jan 04 '22 at 16:59

AnkitK

388
3
10

SessionID keeps changing in ASP.NET MVC why?

9 Answers9

BobsYourUncle

Linked