How to reset session ID when app starts in ASP.NET MVC

Question

In an ASP.NET MVC 5 app, I'd like to reset the session ID when the app starts. Using this answer should reset the session ID. I've applied that code in Global.asax.cs:

protected void Session_Start(object sender, EventArgs e)
{
    Session.Abandon();
    Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
    var manager = new SessionIDManager();
    string newID = manager.CreateSessionID(Context);
    bool redirected = false;
    bool isAdded = false;
    manager.SaveSessionID(Context, newID, out redirected, out isAdded);
}

However, with the above code, the session ID remains the same between Session.Abandon() and after manager.SaveSessionID() (I use the Immediate Window in Visual Studio and test by running this: Session.SessionID).

Am I doing this in the right point in the app lifecycle? What am I doing wrong?

Interesting note, those SessionIDManager methods are both documented to say: "This method is not intended to be called from application code." — Crowcoder, Nov 03 '17 at 12:21
Thanks, @Crowcoder. Wish Microsoft didn't provide methods we're not supposed to call, because invariably we use them with unintended consequences. — Alex, Nov 03 '17 at 12:24

How to reset session ID when app starts in ASP.NET MVC

0 Answers0