HttpApplication.Session.SessionID Change on Each Request. Is it Normal?

M

Mike Kline

Hi There!

I'm creating a HttpModule and after AcquireRequestState event, I tried to
access the HttpApplication.Session.SessionID and somehow I'm getting a new
value on every Refersh of ASPX page.

I thought SessionID is supposed to stay static until the session timeout
defined in the web.config. Or am I missing something here???

Thanks!!

MK
 
J

JoakimR

It sounds like the browser doesn't accept the session cookie. When the
server doesn't "see" an ASP-session cookie, it creates a new session.
Check your browser security settings.
 
M

Mike Kline

Hi JoakimR,

Thanks for the reply! I've checked my IE setting and it is in the level of
"Accept All Cookies".

Any other ideas?

Cheers,
MK
 
J

John Saunders

Mike Kline said:
Hi There!

I'm creating a HttpModule and after AcquireRequestState event, I tried to
access the HttpApplication.Session.SessionID and somehow I'm getting a new
value on every Refersh of ASPX page.

I thought SessionID is supposed to stay static until the session timeout
defined in the web.config. Or am I missing something here???

Does your HttpModule implement IRequireSessionState?

I've seen this happen for pages which refer to SessionID but which do not
read or set Session.

John Saunders
 
M

Mike Kline

No, my httpModule doesn't implement IRequireSessionState.

The more I test it, the more I think it is not the problem with my
httpModule. Because at last, here's how I tested for the SessionID using a
normal ASPX page.

Sub Page_Load()
Response.Write(Session.SessionID.ToString())
End Sub

and everytime I refresh it, I get a new value! In the web.config file I have
<sessionState timeout="20" /> and still generating new SessionID on each
refresh.

The strange thing is that I have about 5 ASP.NET web sites currently running
and I tested on all of those websites. The result is surprisingly the Same!
How could a new SessionID be generated on each refresh????

I am absolutely hitting my head against the wall! Help!

MK
 
M

Mike Kline

Just an update...

My server is Windows 2000. And my server names doesn't contains any
"illegal" characters such as _ (underscore).

help......

MK
 
J

John Saunders

Mike Kline said:
No, my httpModule doesn't implement IRequireSessionState.

The more I test it, the more I think it is not the problem with my
httpModule. Because at last, here's how I tested for the SessionID using a
normal ASPX page.

Sub Page_Load() Session("foo") = "bar"
Response.Write(Session.SessionID.ToString())
End Sub


Try putting something into Session state before checking SessionID.

John Saunders
 
Joined
Jan 13, 2009
Messages
1
Reaction score
0
***EDIT***

Very sorry, did not bother looking at the date on the thread! Well I guess this will help some other person who needs it

*********

I just had a similar problem, my solution happened to be very simple:

You have to make sure that the session_start(); is absolutely the first thing on the page, right after the php tag. If the session start is below anything such as an <html> tag, the session will be interrupted upon a refresh, and a new one will be created. I know this answer might sound stupid, but if you made this mistake, you might never have figured it out.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top