views:

448

answers:

3

I'm running a ASP.NET website on my development box (.NET 2.0 on Vista/IIS7). The Session_Start method in global.asax.cs logs every call to a file (log4net). The Session_End method also logs every call.

I'm using InProc session state, and set the session timeout to 5 mins (to avoid waiting for 20 mins).

I hit the website, wait for 5 minutes unit I see the Session_End logging. Then I F5 the website. The browsers still has the session cookie and sends it to the server. Session_Start is called and a new session is created using the same session id (btw: I need this to be the same session id, because it is used to store data in database).

Result: Every time I hit F5 on a previously ended session, the Session_Start method is called.

When I open a different browser, the Session_Start method is called just once. Then after 5 minutes the Session_End each F5 causes the Session_Start method to execute.

Can anyone explain why this is happening?

Update: After the Session timeout, all subsequent requests have a session start & session end. So in the end my question is: why are the sessions on these subsequent request closed immediatly?

2010-02-09 14:49:08,754 INFO  Global.asax[7486] [(null)] - Session started. SID=nzponumvf1hbaniverffp4mq host=127.0.0.1
2010-02-09 14:49:08,754 INFO  Global.asax[7486] [nzponumvf1hbaniverffp4mq] - Request start: GET http://localhost:80/js/settings.js
2010-02-09 14:49:08,756 INFO  Global.asax[7486] [(null)] - Session ended. SID=nzponumvf1hbaniverffp4mq
2010-02-09 14:49:08,760 INFO  Global.asax[7486] [(null)] - Session started. SID=nzponumvf1hbaniverffp4mq host=127.0.0.1
2010-02-09 14:49:08,760 INFO  Global.asax[7486] [nzponumvf1hbaniverffp4mq] - Request start: GET /css/package.aspx?name=core
2010-02-09 14:49:08,761 INFO  Global.asax[7486] [(null)] - Session ended. SID=nzponumvf1hbaniverffp4mq
2010-02-09 14:49:08,762 INFO  Global.asax[7486] [(null)] - Session started. SID=nzponumvf1hbaniverffp4mq host=127.0.0.1
2010-02-09 14:49:08,762 INFO  Global.asax[7486] [nzponumvf1hbaniverffp4mq] - Request start: GET /js/package.aspx?name=all
2010-02-09 14:49:08,763 INFO  Global.asax[7486] [(null)] - Session ended. SID=nzponumvf1hbaniverffp4mq
2010-02-09 14:49:08,763 INFO  Global.asax[7486] [(null)] - Session started. SID=nzponumvf1hbaniverffp4mq host=127.0.0.1
2010-02-09 14:49:08,763 INFO  Global.asax[7486] [nzponumvf1hbaniverffp4mq] - Request start: GET /css/package.aspx?name=rest
2010-02-09 14:49:08,764 INFO  Global.asax[7486] [(null)] - Session ended. SID=nzponumvf1hbaniverffp4mq
2010-02-09 14:49:08,764 INFO  Global.asax[7486] [(null)] - Session started. SID=nzponumvf1hbaniverffp4mq host=127.0.0.1
2010-02-09 14:49:08,765 INFO  Global.asax[7486] [nzponumvf1hbaniverffp4mq] - Request start: GET /css/package.aspx?name=vacation
2010-02-09 14:49:08,765 INFO  Global.asax[7486] [(null)] - Session ended. SID=nzponumvf1hbaniverffp4mq

web.config relevant section:

<system.web>
  <compilation debug="true" />
  <sessionState timeout="2" regenerateExpiredSessionId="false" />
</system.web>
+1  A: 

hi can you please post you web.config?

check the regenerateExpiredSessionId value in system.web/sessionState

nWorx
I don't have regenerateExpiredSessionId in the web.config. I don't want to regenerate expired session id, this is a requirement because we need the session id to update records in the database
Jaap
maybe it would help if you set it manually to "false"
nWorx
setting the value to false doesn't work, still getting the Session_Start/Session_End for 1 request
Jaap
A: 

Are you making changes to bin folder of your web app? Like logging in the bin folder, this can cause was causing the session start to fire more than once.

mas_oz2k1
A: 

I think you are misunderstanding the meaning of regenerateExpiredSessionId. You currently have it set to false, which means it will REUSE expired session ID's, rather than generating a new one each time that user gets a new session. The ASP.NET session id is keept in the users cookie, and when regenerateExpiredSessionId is set to false, that users same session id will be reused for each NEW session they get so long as the cookie is valid.

Try setting regenerateExpiredSessionId to true.

jrista