Best IT Recipes

HttpContext.Current.Session is null for routing requests

Without routing, HttpContext.Current.Session is HttpContext.Current.Session , so I know that StateServer works. When I forward my requests, HttpContext.Current.Session null on the routed page. I am using .NET 3.5 sp1 on IIS 7.0 without MVC previews. It seems that AcquireRequestState never starts when using routes, so the session variable is not created or populated.

When I try to access session variables, I get this error:

base {System.Runtime.InteropServices.ExternalException} = {"Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive. Please also make sure that System.Web.SessionStateModule or a custom session state module is included in the <configuration>.

During debugging, I also get an error that HttpContext.Current.Session not available in this context.

-

My web.config looks like this:

 <configuration> ... <system.web> <pages enableSessionState="true"> <controls> ... </controls> </pages> ... </system.web> <sessionState cookieless="AutoDetect" mode="StateServer" timeout="22" /> ... </configuration>

Here's the implementation of IRouteHandler:

 public class WebPageRouteHandler : IRouteHandler, IRequiresSessionState { public string m_VirtualPath { get; private set; } public bool m_CheckPhysicalUrlAccess { get; set; } public WebPageRouteHandler(string virtualPath) : this(virtualPath, false) { } public WebPageRouteHandler(string virtualPath, bool checkPhysicalUrlAccess) { m_VirtualPath = virtualPath; m_CheckPhysicalUrlAccess = checkPhysicalUrlAccess; } public IHttpHandler GetHttpHandler(RequestContext requestContext) { if (m_CheckPhysicalUrlAccess && !UrlAuthorizationModule.CheckUrlAccessForPrincipal( m_VirtualPath, requestContext.HttpContext.User, requestContext.HttpContext.Request.HttpMethod)) { throw new SecurityException(); } string var = String.Empty; foreach (var value in requestContext.RouteData.Values) { requestContext.HttpContext.Items[value.Key] = value.Value; } Page page = BuildManager.CreateInstanceFromVirtualPath( m_VirtualPath, typeof(Page)) as Page;// IHttpHandler; if (page != null) { return page; } return page; } }

I also tried putting EnableSessionState="True" at the top of the aspx pages, but still nothing.

Any ideas? Should I write another HttpRequestHandler that implements IRequiresSessionState ?

Thank.

+41
c # session-variables routing
Oct 20 '08 at 11:03
source share
13 answers

Got it. This is actually pretty stupid. It worked after my removal and added a SessionStateModule as follows:

 <configuration> ... <system.webServer> ... <modules> <remove name="Session" /> <add name="Session" type="System.Web.SessionState.SessionStateModule"/> ... </modules> </system.webServer> </configuration>

Just adding will not work, since "Session" should already be defined in machine.config .

Now, interestingly, this is a common thing. This, of course, does not look so, because it seems so rude ...

+52
Oct 21 '08 at 9:01
source

Just add the runAllManagedModulesForAllRequests="true" attribute to system.webServer\modules in web.config.

This attribute is enabled by default in MVC and Dynamic Data projects.

+23
Dec 19 '08 at 15:46
source

runAllManagedModulesForAllRequests=true is actually a real bad solution. This increased the load time of my application by 200%. The best solution is to manually delete and add the session object and avoid the coincidence of all attributes of all managed modules.

+14
Jun 21 '11 at 17:00
source

Good job! I had the same problem. Adding and removing a session module worked fine for me. However, it did not return HttpContext.Current.User, so I tried your little trick with the FormsAuth module and, of course, did it.

 <remove name="FormsAuthentication" /> <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>
+3
Dec 13 '08 at 2:44
source

What @Bogdan Maxim said. Or change the use of InProc if you are not using an external sesssion state server.

 <sessionState mode="InProc" timeout="20" cookieless="AutoDetect" />

Look here for more information on the SessionState directive.

+2
Oct 20 '08 at 11:30
source

I had a similar problem and "it was solved": ASP.NET routing - Do user routes FULLY SKIP everything in Global.asax?

+1
Dec 30 '09 at 13:54
source

the best solution is

runAllManagedModulesForAllRequest is a smart thing that should respect deleting and re-entering a session module.

alc.

+1
Oct 28 '09 at 17:55
source

This explains the solution, http://jgvimalan.wordpress.com/2011/05/31/httpcontext-current-return-null-in-iis-7/

+1
Sep 25 2018-11-21T00:
source

None of the above solutions worked for me. I added the following method to global.asax.cs , then the Session was not null:

 protected void Application_PostAuthorizeRequest() { HttpContext.Current.SetSessionStateBehavior(SessionStateBehavior.Required); }
+1
Sep 22 '17 at 14:50
source

It looks like you forgot to add your server status address to the config file.

  <sessionstate mode="StateServer" timeout="20" server="127.0.0.1" port="42424" />
0
Oct 20 '08 at 11:10
source

The configuration section seems sound, as it works if it is usually accessed by pages. I tried the other suggested options, but the problem still exists.

I doubt the problem is with the session provider as it works without routing.

0
Oct 20 '08 at 11:29
source

I think this part of the code makes a difference to the context.

  Page page = BuildManager.CreateInstanceFromVirtualPath( m_VirtualPath, typeof(Page)) as Page;// IHttpHandler;

Also this piece of code is useless:

  if (page != null) { return page; } return page;

It will always return a page that fades to zero or not.

0
Oct 20 '08 at 13:59
source

I was missing a link to the System.web.mvc dll in the session adapter and adding the same fixed issue.

Hope this helps someone else get through the same scenario.

0
Oct 07
source


More articles:


All Articles