ASP.NET_Sessionid is getting renewed

Question

There is a button in my site in which you have to login first. When clicked, it retrieves a report from the ssrs report server and displays it on the same page. I took note of the session ID it used in the request cookie.

Now when I clear my cache and run the report again it gets the following error "ASP.NET session has expired" but it gets a response cookie with a session ID.

Now here's the issue, when I click the button again. The site is able to retrieve the report from the ssrs report server but it uses the session ID of the response cookie.

Anyone has an idea on why this behavior is happening? Other threads didn't give me a thorough explaination.

Answer 1

What your describing sounds perfectly normal.

A session ID is essentially a pointer to a virtual memory space that contains a table of variables accessible to that user. The table isn't kept forever-- if the ASP.NET framework doesn't see a session ID for a certain amount of time (say 20 or 30 minutes, depending on config), the memory space is released and reclaimed for other use. If that session ID shows up later on, it won't know what to do with it and will give you a "session has expired" error.

The first session ID you saw is probably left over from a previous session. It's old, and its memory space is gone, so ASP.NET gives you the error.

The second session ID is issued automatically for all requests that do not have a valid session. ASP.NET will automatically create a memory space and a random key and send it back in that response cookie that you saw. Now that your browser has an up-to-date session cookie, requests will work fine, as you can see when you click the button a second time.