I have a handler, like this, using IRequiresSessionState:

public class MyHandler : IHttpHandler, IRequiresSessionState
{
  // code
}

In the code, I am able to read and set Session values. I also check to ensure that the caller is logged in. That all works fine.

The web site uses forms authentication, so in the web.config, I have this:

<authentication mode="Forms">
   <forms loginUrl="Login.aspx" timeout="10" slidingExpiration="true"></forms>
</authentication>

The problem is that AJAX calls from the client to the server code MyHandler do not extend the life of the session!

So even if the user is busy sending and receiving data from the server, they time out 10 minutes after their last full page load.

In the handler, I've tried specifically changing a value in the session on each call, but not even that extends the time out.

Any suggestions?

A: 

Finally got a solution to this... sort of.

I abandoned trying to get the handler to do the job, and instead called a normal ASPX page. In that page, I removed the HTML code, and used Response.Write(...) to send back some JSON that I wanted. However, even with that, my session was not being extended!

I finally realized that in the PreRender event, I used Response.ClearHeaders(). That was the problem. It turns out that the Forms authentication system was updating the session ticket cookie when needed, but was adding it to the Headers before my code was running. So when I cleared the headers, I was erasing the new cookie before it was sent to the browser.

So, if you are having problems with sessions not being extended, check to make sure that your code is not using ClearHeaders()!

Glen Little
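
An added example, not code from the question or the answer: a JSON endpoint that discards only the buffered body with ClearContent(), never calls ClearHeaders(), and explicitly reissues the forms authentication ticket through FormsAuthentication.RenewTicketIfOld, which renews only once more than half of the timeout has elapsed. The handler name and JSON payload are hypothetical. It assumes cookie-based forms authentication and a handler registered in web.config.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;

// Hypothetical handler for illustration; not the MyHandler from the question.
public class JsonKeepAliveHandler : IHttpHandler, IRequiresSessionState
{
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpResponse response = context.Response;
        if (!context.Request.IsAuthenticated)
        {
            response.StatusCode = 403; // caller is not logged in
            return;
        }

        RenewTicketIfHalfExpired(context);

        // ClearContent() drops only the buffered body. ClearHeaders() is not
        // called: per the answer, it erases the refreshed ticket cookie.
        response.ClearContent();
        response.ContentType = "application/json";
        response.Cache.SetCacheability(HttpCacheability.NoCache);
        response.Write("{\"ok\":true}"); // constructed sample payload
    }

    private static void RenewTicketIfHalfExpired(HttpContext context)
    {
        HttpCookie current = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (current == null || string.IsNullOrEmpty(current.Value)) return;

        FormsAuthenticationTicket old = FormsAuthentication.Decrypt(current.Value);
        if (old == null || old.Expired) return;

        // Returns the same ticket unless more than half of its lifetime has elapsed.
        FormsAuthenticationTicket renewed = FormsAuthentication.RenewTicketIfOld(old);
        if (renewed.Expiration <= old.Expiration) return;

        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(renewed));
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        if (renewed.IsPersistent) cookie.Expires = renewed.Expiration;
        context.Response.Cookies.Set(cookie);
    }
}
```

With the 10-minute timeout from the question, a ticket is reissued only on requests that arrive more than 5 minutes after it was issued, so the cookie is not rewritten on every AJAX call.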