HttpContext.Current.Session null item

Question

i'm storing in HttpContext.Current.Session current user, SiteUser is single-tone class that presents current active siteuser, and when he logged i'm creating new SiteUser() in controller and in constructor adding him to the session:

public static SiteUser Create()
{
    HttpContext.Current.Session[sessionKey] = new SiteUser();

    return HttpContext.Current.Session[sessionKey] as SiteUser;
}

then, with every request to the server services i'm check is user available in session:

public static SiteUser Current
{
    get
    {
        if (HttpContext.Current.Session == null || HttpContext.Current.Session[sessionKey] == null)
        {
            throw new SiteUserAutorizationExeption();
        }

        return HttpContext.Current.Session[sessionKey] as SiteUser;
    }
}

otherwise i'm generate non-auth-user exception and redirect him to the logon page. but sometimes HttpContext.Current.Session[sessionKey] is null, but HttpContext.Current.Session doesn't null and FormsAuthenticationTicket is available and Expired property is also false. can somebody help me, why HttpContext.Current.Session[sessionKey] can be null?

UPD: webconfig session settings: <sessionState mode="InProc" timeout="20" />

UPD: sessionKey is: public const string sessionKey = "SiteUser";

UPD2: i'm forget to add, that in session also stored Culture settings:

HttpContext.Current.Session["Culture"]

and when exception hits, that HttpContext.Current.Session[sessionKey] is null, culture-item isn't

UPD3: i have downloaded symbol tables of source .NET Framework and set breakpoints at SessionStateItemCollection on changing collection items. and i resolved some mistakes: 1) all collection items are null — "culture" is setting up after 2) it happens at the session end event i can't understand how it can be, because at web.config session timeout is set 20

Is it in-memory session? or is configured to persist to a database? Also : is IIS perhaps recycling the app-pool? — Marc Gravell, Jan 17 '11 at 06:06
mmm.. i'm using InProc session mode, is it mean that session is in-memory? is IIS perhaps recycling the app-pool - i don't sure, currently i'm run at asp.net development server — Boo, Jan 17 '11 at 06:16
I don't the the dev server will recycle - that is an IIS thing — Marc Gravell, Jan 17 '11 at 06:25
@Daniel, yes. the real problem was in IIS cache settings. under high load it can cache cookies with sessions — Boo, Feb 14 '15 at 14:05
Did you do something special to solve this? Sometimes, I have the same problem on debug on my local machine. — Daniel, Feb 15 '15 at 13:54

score 7 · Accepted Answer · answered Jan 17 '11 at 06:14

sessionKey may be changing, you probably only need to do:

HttpContext.Current.Session["CurrentUser"]

Or the session may be expiring, check the timeout:

http://msdn.microsoft.com/en-us/library/h6bb9cz9(VS.71).aspx

Or you may be setting the session value from somewhere else, normally i control access to Session/Context object through one property

static readonly string SESSION_CurrentUser = "CurrentUser";

public static SiteUser Create() {     
 SiteUser.Current = new SiteUser();      
 return SiteUser.Current;
}

public static SiteUser Current {     
 get {         
  if (HttpContext.Current.Session == null || HttpContext.Current.Session[SESSION_CurrentUser] == null) {             
   throw new SiteUserAutorizationExeption();         
  }          
  return HttpContext.Current.Session[SESSION_CurrentUser] as SiteUser;     
 } 
 set {
  if (!HttpContext.Current.Session == null) {
   HttpContext.Current.Session[SESSION_CurrentUser] = value;
  }
 }
}

yes, my sessionKey is const string value. i'm forget to add information about this to the topic. i will try to set in property, this is good idea, thanks — Boo, Jan 17 '11 at 06:18

HttpContext.Current.Session null item

1 Answers1

Linked