3

I have handlers for my Session_Start and Session_End events. When I first start the application, everything works fine. If I leave the session and the standard timeout occurs, I watch my Session_End throw. I'm expecting that behavior.

Let's say though, I come back after the timeout and refresh a page. The Session_Start method runs, but then immediately the Session_End method runs. I'm expecting another 15 minutes of idleness between Session_Start and Session_End.

What would be the problem?

EDIT: Yes, same session id.

EDIT 2: Cookies look like they are supposed to expire at the end of session. Not sure why I keep getting this loop of Session_Start/Session_End. I've also tried calling Session.Abandon() from Session_End, and that didn't work. This is running off the ASP.NET Development server too. I haven't tried it on a real IIS server yet.

Kevin Griffin
  • 2,239
  • 4
  • 25
  • 27

5 Answers5

4

It's a bit late to answer but it might be useful to other users who have the same problem.. I've experienced the same behavior as you've seen: Session_Start() and Session_End() are called for every request after the first timeout and the SessionID is always the same:

  1. I've run the same code with ASP.NET 4.0 and the problem is gone.

  2. As a workaround in ASP.NET 2.0/3.5, just put anything in the session collection (Session["dummy"] = "dummy"), and Session_Start() and Session_End() will behave normally.

Alex B
  • 644
  • 1
  • 9
  • 22
  • 1
    I have just seen the same problem. Although I am not sure about your work around since we *always* store something in the session for every session created. I have read that Session_End will not fire if you have a completely empty session [http://www.vikramlakhotia.com/Mystries_of_when_does_Session_End_event_fires_in_AspNet.aspx] [In my case I had a click handler on the page which made AJAX requests to the server - if that makes a difference] – Chris Fewtrell Apr 08 '10 at 18:33
  • don't you use `Session_Start` and `Session_End` for ***Count*** users ? WebFarm. Any source code samplefull? – PreguntonCojoneroCabrón Nov 05 '16 at 12:56
1

For anyone with the same problem. The answer given by Alex B saved me.

This no longer happens on 4.0, but if you put something in the Session inside the Session_Start handler, this cuts the Session_Start -> Session_End circle, and you don't even have to delete cookies.

samaro
  • 11
  • 2
1

.Net does some funky things with their session cookies, esp. in conjunction with Forms auth. I'm just guessing, but I'd think that the client is hanging on to the cookie, and re-sending it to the server even after its invalid, which (I'm guessing here) might trigger a restart of the session, at which point it recognizes that its invalid and trashes it, causing the session end.

Try:

  1. Making sure your cookies are set to expire properly
  2. Calling Session.Abandon() and FormsAuthentication.SignOut()

Not sure if that helps, but FWIW.

Jerod Venema
  • 44,124
  • 5
  • 66
  • 109
0

Can you verify that the events are firing for the same session ID?

mtazva
  • 1,005
  • 9
  • 13
0

This is a duplicate of this question.

It's because of the way ASP.NET 2.0/3.5 handles sessions based on whether it's in use. In normal circumstances it does not try to persist a session until the first time it's used and therefore does not issue a session cookie (if it doesn't exist). The first time session is used, a session is created on the server and a session cookie issued.

Now when a previous session is restarted but not used, then ASP.NET gets a little confused. It tries to abandon the unused (restarted) session immediately as it's not required, which raises an early Session_End. However it does not delete the pre-existing session cookie, and hence every subsequent request repeats the sequence, restarting and then terminating the session until the cookie is deleted or the session is used.

In .Net 4.0 this behaviour has changed, and the event no longer fires in this case.

Community
  • 1
  • 1
TheCodeKing
  • 19,064
  • 3
  • 47
  • 70