Click here to Skip to main content
Click here to Skip to main content
Search within:



 
Comments & Discussions (7)

ASP.NET Session End Event Fires Immediately After Session Start - Resolved

By , 28 Aug 2011
 

The Question

Whilst browsing StackOverflow, I came across an old unanswered question from Feb 10 which caught my eye.

At first, I was quick to dismiss it as nonsense, but then I started looking into it further and became interested. It seems a lot of people are reporting an issue whereby Session_End is sometimes called immediately after Session_Start.

This can be reproduced in .NET 2.0/3.5 using the following steps:

  • Create a new .NET 2.0 WebForms WebApplication
  • Configure session for InProc, and set the timeout to 1 minute
  • Add a break point on Session_Start and Session_End events
  • Debug the application and F5 to skip the first Session_Start break point
  • Wait until the Session_End fires after 1 minute
  • Refresh the browser, and notice Session_End is called immediately after Session_Start
  • Note that adding a session variable to the page OnLoad solves the issue

According to documentation, there are 2 activities that can cause the Session_End event to fire.

  • When Session.Abandon() is called
  • Immediately after the Session expires

In this example, neither are true. So how can this be?

The Answer

Doing some research on the internet, I found a clue in a blog post on session state. It revealed an interesting quirk about how session state is handled.

This is that ASP.NET will only create a new InProc session if the session is actually used by the application. If not, then the session is not persisted, and it will not even issue a session cookie (where it doesn't already exist).

So here's what's happening.

When the browser is refreshed after the session timeout, the old session cookie is sent in the request. This causes ASP.NET to reuse the original session ID for a new session. However because at the end of the request the application has not yet used the session, ASP.NET effectively abandons it to avoid persistence and to free resources. This causes an early Session_End event.

Now because ASP.NET does not actually delete the pre-existing session cookie, every subsequent request is essentially restarting the session ID and repeating the sequence of events, such that Session_Start/Session_End are fired repeatedly until either the session is used or the cookie deleted.

The Fix

The issue has already been resolved in .NET 4.0. I suspect the session now remains persisted in the case of a session restart.

If your application is using .NET 2.0/3.5 and has expensive code hooked into the session start/end events, then I recommend you add a dummy session variable to your session start routine. This solves the problem by flagging the session as in use, and helps protect your server resources from excessive session events.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

 TheCodeKing
Architect
United Kingdom United Kingdom
Member
Mike Carlisle - Technical Architect with over 10 years experience in a wide range of technologies.
 
@TheCodeKing

Article Top
 
Sign Up to vote   Poor Excellent
Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

 
You must Sign In to use this message board.
Search this forum  
    Spacing  Noise  Layout  Per page   
First Prev Next
GeneralAvoid relying on this eventmemberSteven Berkovitz30 Aug '11 - 15:26 
A lot of devs have been bitten by this bug/issue before. I think there is something to be said about avoiding use of this event since it is not always supported (only in InProc). Some day down the road, someone else will think its a good idea to use StateServer/SqlServer and then wonder why the app doesn't work.
-Steven
Sign In·View Thread·Permalink
GeneralRe: Avoid relying on this eventmemberFlorian DREVET1 Sep '11 - 9:09 
I wasn't aware of this event's limitation.
 
You're right, for the sake of maintenance and stability, the same code should work with all session persistance strategies.
Sign In·View Thread·Permalink
QuestionInteresting articlememberFlorian DREVET30 Aug '11 - 8:44 
Very interesting article, thank you to share it with us.
 
I suffered from this bug some monthes ago, when I managed to write an ASP.NET sessions manager whose goal was to "bind" NHibernate entity to ASP.NET session (using Spring.Net triggers) with NHibernate session per request pattern.
Sign In·View Thread·Permalink
SuggestionYou can also add the dummy session variable in the Session_Startmemberjacwak27 Aug '11 - 20:10 
This will solve the problem too.
Sign In·View Thread·Permalink
GeneralRe: You can also add the dummy session variable in the Session_StartmemberTheCodeKing28 Aug '11 - 0:55 
True, I added this to the last paragraph.
Follow @TheCodeKing | www.thecodeking.co.uk
Sign In·View Thread·Permalink
GeneralRe: You can also add the dummy session variable in the Session_Startmemberjokertin9215 Oct '11 - 2:55 
making cookieless="true" will solve the issue.
And can you tell me how to add dummy session variable in the Session_Start.
Sign In·View Thread·Permalink
GeneralRe: You can also add the dummy session variable in the Session_Startmemberjacwak16 Oct '11 - 17:42 
Something like Session.Add("Dummy","Dummy")
Sign In·View Thread·Permalink
Last Visit: 31 Dec '99 - 18:00     Last Update: 22 May '13 - 4:38Refresh1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

About Article
What you should know about Session Start/End events in order to protect your application from possible performance issues.
Type Article
Licence CPOL
First Posted 27 Aug 2011
Views 17,839
Bookmarked 10 times

, +
Top News

The Next Version of Android - Some of What's Coming

Get the Insider News free each morning.
Related Videos
French C# Tutorial Lesson 24 - Refactoring
Creating a Java Application Using a Package
Matrix Multiplication in C#
Creating animations with Dundas Chart for ASP.NET
Smarter Data Labels with Dundas Chart SmartLabels
Understanding Chart Areas with Dundas Chart for .NET
Add "Select All" to parameter lists in SQL Reporting
Using screensavers inside the Windows Media Player
Making Sense of Geographic Data with Dundas Map and AJAX
SmartLink
Create data-driven applications with the Hera Application Framework
Towards the self-documenting database: extended properties
Accessibility audit vs. accessibility testing
Digital Signatures and PDF Documents
Color Scale Filter
WMP Power Hour APP
Merge Landscape and Portrait PDFs using ASP.NET
How to conduct an SMS survey using a cell phone connected SMS gateway and MS Access
Using Barcodes in Documents – Best Practices
How to Retrieve EMC Centera Cluster/Pool Capabilities
"Hey! Is That My Car? How to Sharpen a QuickBird Satellite Image Using DotImage"
Integrate your SharePoint environment into the open standards-based WebSphere Portal platform using the Visual Studio IDE
VBScript / Excel 2007 - An easy way to access DBF files
Permalink | Advertise | Privacy | Mobile
Web02 | 2.6.130516.1 | Last Updated 28 Aug 2011
Article Copyright 2011 by TheCodeKing
Everything else Copyright © CodeProject, 1999-2013
Terms of Use
Layout: fixed | fluid