Binding to HttpContext.Current.Session w/ Static Variable Does Not Work

Question

Original Question

Hello All,

I'm a bit confused on how MVC maps HTTP requests to session state.

My HTTP request looks like this:

GET / HTTP/1.1
Host: test.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.32 Safari/532.0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

How does the server know which user session to map that to? There aren't really any flags that mark who I am. Only way I could guess is that it uses the source IP of the request?

Reason I ask is that I people from my same corporate network (sharing same public IP) hit the MVC site, it acts as if we all share the same session.

If it does in fact use IP, then is there a way to change it to use a SessionID cookie. I messed around with the web.config per some other posts, but I haven't had any luck.

Your help is much appreciated.

Thanks, Chris

---

Resolution

So, as you all guessed, it turns out I some doing something tremendously wrong. I create a class to abstract the process of grabbing session var. The class has static properties which grabbed from session state:

public class SessionValue
{
    private static HttpSessionState Session = HttpContext.Current.Session;

    private const string stepId = "currentStep";
    private const string username = "username";

    public static int StepId
    {
        get
        {
            if (Session[stepId] == null)
            {
                Session[stepId] = 1;
            }

            return (int)Session[stepId];
        }
        set
        {
            Session[stepId] = value;
        }
    }

    public static string Username
    {
        get
        {
            if (Session[username] == null)
            {
                Username = "";
            }

            return (string)Session[username];
        }
        set
        {
            Session[username] = value;
        }
    }
}

For some reason, I assumed that the static variable declaration would be recreated w/ every web request, which is clearly a very drunk misconception as this will only be set once when the application first loads. I still have no idea what it was actually binding to as it did seem that some sort of session was being maintained.

Nonetheless, changing the properties to actually directly use HttpContext.Current.Session[string] solved the problem. Thanks everyone for your help.

Answer 1

A session ID is stored in a cookie that your browser sends to the server along with every request.

That's the default setting anyway. I guess you should be able to see the cookie in the headers then. Are you sure that what you posted is the complete header?

Answer 2

Are you sure session state is not set to cookieless? (then it will take session id from url)

<sessionState cookieless="true" />

http://yourserver/something/session ID here/something