0

I have to implement session handling across multiple users, and multiple browsers. Each user has a unique token which I save in HttpContext.Current.Session variable inside the Session__Start() in Global.asax.cs method. It works perfectly fine for a single session. However, when I fire the request from two browsers, then while browsing through various pages, sometimes the method Session_Start() automatically gets called for the second session and it resets the session variable, resulting in a null value.

How should I handle this scenario?

Edit 1: What are the scenarios where the session may time out? Eg: switching between HTTPGet/HttpPost, or making Ajax calls?

I also read this link: Does Session timeout reset on every request

Is this something which I should be keeping in mind? My code has 2 GET and 1 POST request, and the session variable becomes NULL in the POST method for the second browser session.

TimCook12345
  • 57
  • 8
  • 1
    Define "two browsers". – Kenneth K. Jun 11 '18 at 10:55
  • I tried from **firefox** and **chrome** because I wanted to test for multiple simultaneously active sessions. However I am looking for multiple sessions across users, who are not logged in but just using the web application normally. – TimCook12345 Jun 11 '18 at 11:57
  • Each browser is going to handle session on its own. Within a browser, session is implementation specific, but generally speaking session is shared among tabs (excluding "private browsing sessions"). This is due to session being tracked via a cookie. Cookies are tied to (remote) domains, not browser tabs/windows, so when you open a new tab to the same site, the same cookie gets submitted to the remote server. – Kenneth K. Jun 11 '18 at 12:57
  • I understand that different tabs within the same browser share cookies, but what about different browser windows, eg: 1 Firefox window, and 1 Chrome window? – TimCook12345 Jun 11 '18 at 13:01
  • I figured out the reason. The sessionState mode in web.config file was set to "InProc", whereas it should be set as "StateServer". When I made the necessary change, then it worked like a charm. ASP.net state service should also be started from services.msc for this to work. – TimCook12345 Jun 12 '18 at 13:49

1 Answers1

0

I figured out the reason. The sessionState mode in web.config file was set to "InProc", whereas it should be set as "StateServer". When I made the necessary change, then it worked like a charm.

ASP.net state service should also be started from services.msc for this to work.

TimCook12345
  • 57
  • 8
  • There are some additional points to note: Adding/removing the ASP.NET_SessionId cookie will also reset the session. – TimCook12345 Jun 21 '18 at 09:43