Is Response.End() considered harmful ?

Question

This KB Article says that ASP.NET's Response.End() aborts a thread.

Reflector shows that it looks like this:

public void End()
{
    if (this._context.IsInCancellablePeriod)
    {
        InternalSecurityPermissions.ControlThread.Assert();
        Thread.CurrentThread.Abort(new HttpApplication.CancelModuleException(false));
    }
    else if (!this._flushing)
    {
        this.Flush();
        this._ended = true;
        if (this._context.ApplicationInstance != null)
        {
            this._context.ApplicationInstance.CompleteRequest();
        }
    }
}

This seems pretty harsh to me. As the KB article says, any code in the app following Response.End() will not be executed, and that violates the principle of least astonishment. It's almost like Application.Exit() in a WinForms app. The thread abort exception caused by Response.End() is not catchable, so surrounding the code in a try..finally won't satisfy.

It makes me wonder if I should always avoid Response.End().

Can anyone suggest, when should I use Response.End(), when Response.Close() and when HttpContext.Current.ApplicationInstance.CompleteRequest()?

ref: Rick Strahl's blog entry.

---

Based on the input I've received, my answer is, Yes, Response.End is harmful, but it is useful in some limited cases.

• use Response.End() as an uncatchable throw, to immediately terminate the HttpResponse in exceptional conditions. Can be useful during debugging also. Avoid Response.End() to complete routine responses.
• use Response.Close() to indicate the response is done.
• use CompleteRequest() to ... ??

(I still don't know the difference between Response.Close and CompleteRequest().)

Answer 1

I've never considered using Response.End() to control program flow.

However Response.End() can be useful for example when serving files to a user.

You have written the file to the response and you don't want anything else being added to the response as it may corrupt your file.

Answer 2

I've used Response.End() in both .NET and Classic ASP for forcefully ending things before. For instance, I use it when there is a certian amount of login attempts. Or when a secure page is being accesed from an unauthenticated login (rough example):

    if (userName == "")
    {
        Response.Redirect("......");
        Response.End();
    }
    else
    {
      .....

When serving files to a user I'd use a Flush, the End can cause issues.

Answer 3

If you had employed an exception logger on your app, it will be watered down with the ThreadAbortExceptions from these benign Response.End() calls. I think this is Microsoft's way of saying "Knock it off!".

I would only use Response.End() if there was some exceptional condition and no other action was possible. Maybe then, logging this exception might actually indicate a warning.

Answer 4

I've only used Response.End() as a testing/debugging mechanism

<snip>
Response.Write("myVariable: " + myVariable.ToString());
Response.End();
<snip>

Judging from what you have posted in terms of research, I would say it would be a bad design if it required Response.End

Answer 5

I disagree with the statement "Response.End is harmful". It's definitely not harmful. Response.End does what it says; it ends execution of the page. Using reflector to see how it was implemented should only be viewed as instructive.

---

My 2cent Recommendation
AVOID using Response.End() as control flow.
DO use Response.End() if you need to stop request execution and be aware that (typically)* no code will execute past that point.

---

* Response.End() and ThreadAbortExceptions.

Response.End() throws a ThreadAbortException as part of it's current implementation (as noted by OP).

ThreadAbortException is a special exception that can be caught, but it will automatically be raised again at the end of the catch block.

To see how to write code that must deal with ThreadAbortExceptions, see @Mehrdad's reply to SO How can I detect a threadabortexception in a finally block where he references RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup Method and Constrained Execution Regions

---

The Rick Strahl article mentioned is instructive, and make sure to read the comments as well. Note that Strahl's issue was specific. He wanted to get the data to the client (an image) and then process hit-tracking database update that didn't slow down the serving of the image, which made his the problem of doing something after Response.End had been called.

Answer 6

On the question of "I still don't know the difference between Response.Close and CompleteRequest()" I would say:

Do prefer CompleteRequest(), don't use Response.Close().

See the following article for a well-done summary of this case.

Be aware that even after calling CompleteRequest() some text (e.g. redndered from ASPX code) would be appended to the response output stream. You can prevent it by overriding Render and RaisePostBackEvent methods as described in the following article.

BTW: I agree with preventing of using Response.End(), especially when writing data to the http stream to emulate file download. We've used the Response.End() in the past until our log file became full of ThreadAbortExceptions.

Answer 7

TL;DR

Initially I had recommended that you should simply replace all of your calls to [Response.End] with [...] CompleteRequest() calls, but if you want to avoid postback processing and html rendering you'll need to add [...] overrides as well.

Jon Reid, "Final Analysis"

---

Per MSDN, Jon Reid, and Alain Renon:

ASP.NET Performance - Exception Management - Write Code That Avoids Exceptions

The Server.Transfer, Response.Redirect, Response.End methods all raise exceptions. Each of these methods internally call Response.End. The call to Response.End, in turn, causes a ThreadAbortException exception.

ThreadAbortException Solution

HttpApplication.CompleteRequest() sets a variable that causes the thread to skip past most of the events in the HttpApplication event pipeline [--] not the Page event chain but the Application event chain.

...

create a class level variable that flags if the Page should terminate and then check the variable prior to processing your events or rendering your page. [...] I would recommend just overriding the RaisePostBackEvent and Render methods

Response.End and Response.Close are not used in normal request processing when performance is important. Response.End is a convenient, heavy-handed means of terminating request processing with an associated performance penalty. Response.Close is for immediate termination of the HTTP response at the IIS/socket level and causes issues with things like KeepAlive.

The recommended method of ending an ASP.NET request is HttpApplication.CompleteRequest. Keep in mind that ASP.NET rendering will have to be skipped manually since HttpApplication.CompleteRequest skips the rest of the IIS/ASP.NET application pipeline, not the ASP.NET Page pipeline (which is one stage in the app pipeline).

---

Code

Copyright © 2001-2007, C6 Software, Inc as best I could tell.

---

Reference

HttpApplication.CompleteRequest

Causes ASP.NET to bypass all events and filtering in the HTTP pipeline chain of execution and directly execute the EndRequest event.

Response.End

This method is provided only for compatibility with ASP—that is, for compatibility with COM-based Web-programming technology that preceded ASP.NET.preceded ASP.NET. [Emphasis added]

Response.Close

This method terminates the connection to the client in an abrupt manner and is not intended for normal HTTP request processing. [Emphasis added]