Click here to Skip to main content
13,357,438 members (64,515 online)
Click here to Skip to main content
Add your own
alternative version


11 bookmarked
Posted 27 Aug 2011

ASP.NET Session End Event Fires Immediately After Session Start - Resolved

, 28 Aug 2011
Rate this:
Please Sign up or sign in to vote.
What you should know about Session Start/End events in order to protect your application from possible performance issues.

The Question

Whilst browsing StackOverflow, I came across an old unanswered question from Feb 10 which caught my eye.

At first, I was quick to dismiss it as nonsense, but then I started looking into it further and became interested. It seems a lot of people are reporting an issue whereby Session_End is sometimes called immediately after Session_Start.

This can be reproduced in .NET 2.0/3.5 using the following steps:

  • Create a new .NET 2.0 WebForms WebApplication
  • Configure session for InProc, and set the timeout to 1 minute
  • Add a break point on Session_Start and Session_End events
  • Debug the application and F5 to skip the first Session_Start break point
  • Wait until the Session_End fires after 1 minute
  • Refresh the browser, and notice Session_End is called immediately after Session_Start
  • Note that adding a session variable to the page OnLoad solves the issue

According to documentation, there are 2 activities that can cause the Session_End event to fire.

  • When Session.Abandon() is called
  • Immediately after the Session expires

In this example, neither are true. So how can this be?

The Answer

Doing some research on the internet, I found a clue in a blog post on session state. It revealed an interesting quirk about how session state is handled.

This is that ASP.NET will only create a new InProc session if the session is actually used by the application. If not, then the session is not persisted, and it will not even issue a session cookie (where it doesn't already exist).

So here's what's happening.

When the browser is refreshed after the session timeout, the old session cookie is sent in the request. This causes ASP.NET to reuse the original session ID for a new session. However because at the end of the request the application has not yet used the session, ASP.NET effectively abandons it to avoid persistence and to free resources. This causes an early Session_End event.

Now because ASP.NET does not actually delete the pre-existing session cookie, every subsequent request is essentially restarting the session ID and repeating the sequence of events, such that Session_Start/Session_End are fired repeatedly until either the session is used or the cookie deleted.

The Fix

The issue has already been resolved in .NET 4.0. I suspect the session now remains persisted in the case of a session restart.

If your application is using .NET 2.0/3.5 and has expensive code hooked into the session start/end events, then I recommend you add a dummy session variable to your session start routine. This solves the problem by flagging the session as in use, and helps protect your server resources from excessive session events.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

United Kingdom United Kingdom
Mike Carlisle - Technical Architect with over 20 years experience in a wide range of technologies.


You may also be interested in...

Comments and Discussions

GeneralAvoid relying on this event Pin
Steven Berkovitz30-Aug-11 16:26
memberSteven Berkovitz30-Aug-11 16:26 
GeneralRe: Avoid relying on this event Pin
Florian DREVET1-Sep-11 10:09
memberFlorian DREVET1-Sep-11 10:09 
QuestionInteresting article Pin
Florian DREVET30-Aug-11 9:44
memberFlorian DREVET30-Aug-11 9:44 
SuggestionYou can also add the dummy session variable in the Session_Start Pin
jacwak27-Aug-11 21:10
memberjacwak27-Aug-11 21:10 
GeneralRe: You can also add the dummy session variable in the Session_Start Pin
TheCodeKing28-Aug-11 1:55
memberTheCodeKing28-Aug-11 1:55 
GeneralRe: You can also add the dummy session variable in the Session_Start Pin
jokertin9215-Oct-11 3:55
memberjokertin9215-Oct-11 3:55 
GeneralRe: You can also add the dummy session variable in the Session_Start Pin
jacwak16-Oct-11 18:42
memberjacwak16-Oct-11 18:42 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web03 | 2.8.180111.1 | Last Updated 28 Aug 2011
Article Copyright 2011 by TheCodeKing
Everything else Copyright © CodeProject, 1999-2018
Layout: fixed | fluid