81

I'm getting this fault intermittently.

I found this link which summarises fairly well what I was able to find on the Google: http://www.wacdesigns.com/2009/02/03/session-state-has-created-a-session-id-but-cannot-save-it-because-the-response-was-already-flushed-by-the-application/

Basically it says you can try setting the web config setting DisplayWhenNewSession, or try kicking the session state thing into life by getting the Session.SessionID in the Session_OnStart.

But does anyone:

a) have an explanation for this

or even better, b) have a tried and tested fix

I realise that I can't flush the response after doing anything that would affect the http response header. If I did this it would cause an error every time but this is intermittent. The SessionID should surely be created by ASP.NET at the beginning of the page response automatically, before anything in the ASPX page or the Page_Load (which is where all my flushes are called).

Update: On reflection I realise this is happening when streaming a file down to the browser. Most of the browsers are actually search engine bots. I can recreate this error by starting a download and then closing the browser, so presumably the browsers are not waiting for the download to complete before cancelling the download operation. I have also seen this on other, normal pages, but 99% of the time it is download pages.

Mr Lister
  • 45,515
  • 15
  • 108
  • 150
mike nelson
  • 21,218
  • 14
  • 66
  • 75
  • 1
    I have exactly the same problem. The only reason I saw it at all was when I put exception handling in Global.asax. It's very intermittent. It would be great if someone knew the answer to this! – Scott Ferguson Aug 03 '09 at 16:22
  • 6
    The link is now broken :-( – Casebash Apr 29 '11 at 04:37
  • Wayback machine link: https://web.archive.org/web/20090208233145/http://www.wacdesigns.com/2009/02/03/session-state-has-created-a-session-id-but-cannot-save-it-because-the-response-was-already-flushed-by-the-application/ – lorenzog Feb 12 '18 at 20:56

5 Answers5

92

I have!

In the global.asax file you do this :

void Session_Start(object sender, EventArgs e) 
{
    // Code that runs when a new session is started
    string sessionId = Session.SessionID;
}

So easy. It works!

eitama
  • 1,477
  • 14
  • 16
  • Is this a public/protected method - as it stands its private, I guess it should be protected. Is the sample complete, the fact that the sessionId is not saved, I presume is fine - its the triggering of the creation that is important, right? – Chris Kimpton May 20 '10 at 07:33
  • Thanks. I think this generally works so I will mark it as accepted answer, although I am not 100% sure. Can anyone comment please if they find a case where this doesn't work? Thanks. – mike nelson Jul 31 '10 at 11:52
  • I simply added this method to my global.asax file and it got rid of my error message, which was the same as the question, thanks a lot eitama! – vanhornRF May 12 '11 at 15:44
  • This resolved my issue (I was forcing flush) But do you know why this works as a solution? – Amicable Apr 25 '13 at 16:27
  • This answer has just saved me many hours. Never would have guessed it. Thank you! – JsAndDotNet Nov 07 '14 at 16:16
  • Worked for me too. Instead of putting it in global.asax, I put it right before the method that flushes the response stream. In my case it is streaming a pdf to the browser. – AdmSteck Apr 24 '15 at 17:12
  • I got the same "Session state has created..." error on that statement: System.Web.HttpException (0x80004005): Session state has created ... at System.Web.SessionState.SessionIDManager.SaveSessionID(HttpContext context, String id, Boolean& redirected, Boolean& cookieAdded) at System.Web.SessionState.SessionStateModule.DelayedGetSessionId() at System.Web.SessionState.HttpSessionStateContainer.get_SessionID() at Store24Next.Web.MvcApplication.Session_Start() in d:\Builds\1\... – GarDavis Nov 04 '15 at 15:59
  • This answer is almost eight years old, and it's still doing good in the world today. Worked perfectly for me. – Shahzad Qureshi Mar 10 '17 at 04:36
  • 1
    Still no explanation as to _*why*_ this works 8 years later? – JamieS Mar 08 '18 at 12:40
  • 2
    I like the way how it still works after 8 year without any explanation. It works like a charm! – atakan Jul 30 '18 at 22:21
  • It didn't work for me. Still getting the error So any other solution ... – Dip Girase Mar 27 '19 at 09:45
  • Works for me too but I would suggest `_ = Session.SessionID;` to avoid warnings. – Miro J. Oct 21 '19 at 18:17
  • 2
    You know how they say don't paste in code you don't understand? yolo – Ian Boyd Feb 26 '22 at 18:43
25

This error seems to appear when :

  • The application start

  • You're using a Global.asax even if you're doing something in the Session_Start / End events or not

  • Your application forces the Flush of the response too soon

  • You're not using the Session before the flush

It is raised by the session state when it try to save the sessionID on release :

System.Web.SessionState.SessionIDManager.SaveSessionID(HttpContext context, String id, Boolean& redirected, Boolean& cookieAdded)
System.Web.SessionState.SessionStateModule.CreateSessionId()
System.Web.SessionState.SessionStateModule.DelayedGetSessionId()
System.Web.SessionState.SessionStateModule.ReleaseStateGetSessionID()
System.Web.SessionState.SessionStateModule.OnReleaseState(Object source, EventArgs eventArgs)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

I believe the presence of Global.asax causes the session ID to be saved on release by the SessionStateModule (late?) even if no session have been used instead of HttpSessionState when SessionID is called.

It's the reason why string sessionId = Session.SessionID; trick avoid the problem.

I guess it only appears on application start because of initialization behaviors.

Solutions/tricks :

  • Avoid flushing in Page_Load as already said

  • Desactivate session state on the page (EnableSessionState)

  • Use the SessionID trick before the flush

  • Use Response.End() in place of .Flush() if you don't care about errors which can occur after your flush

JoeBilly
  • 3,057
  • 29
  • 35
6

I believe the issue here may be exactly that you're doing something to cause page output during Page_Load, which, according to the ASP.NET Page Lifecycle Overview is long before the rendering stage.

Ensure that you never do anything that could trigger page output until after the PreRender stage.

cjs
  • 25,752
  • 9
  • 89
  • 101
3

Having just run into this problem myself, I thought I'd share my findings.

The web.config setting DisplayWhenNewSession is irrelevant as it only applies to one particular customcontrol on Codeplex (sorry I've lost the link).

The other suggestion appears to work by initialising the SessionId early. I dug into the code using Reflector and couldn't quite see how this prevented the error here, but it certainly worked for us!

Like most people who seem to run into this bug, we are not explicitly calling Response.Flush() anywhere in the app. We are also using MVC, for the record.

Gaz
  • 4,064
  • 3
  • 32
  • 34
0

I recognise this is very old, but I found another reason for the error which might apply to others. If you are using MVC (I was using MVC 4 with .Net 4.0) and you set pages to not buffer by using the web.config element 

<pages buffer="false">

Then if in your code you try to push data into the session object, may be risking getting this error if the page had started rendering before your child view or action performing the session state access.

In such cases, you can fix the error by changing the buffer setting above to true. Alternatively, move your session access code to the main view and not in a child action/child view.

Michele La Ferla
  • 6,775
  • 11
  • 53
  • 79
Mike Teye
  • 1