After deployment of ASP.NET Core 2.2 application to IIS sessions using HttpContext.Session aren't working

Question

After deploying my ASP.NET Core 2.2 application using IIS, sessions, which are codeded using HttpContext.Session aren't working. If I set a session variable, as soon as the request ends, variable is deleted and if I try to access it after with different request, the value of the variable is null. While if I run the app in visual studio everything works.

Answer 1

Don't do that unless you want all cookies to not require consent. To allow the session, you should only add the option Cookie.IsEssential = true in AddSession. This will mark session cookies as essentials.

services.AddSession(options => {
    options.IdleTimeout = TimeSpan.FromMinutes(15);
    options.Cookie.HttpOnly = true;
    options.Cookie.IsEssential = true;
});

Read this for more info: https://andrewlock.net/session-state-gdpr-and-non-essential-cookies/

Answer 2

The problem was, that IIS decided that session cookie was not essential and I had an option enabled to require user permission to use non-essiantial cookies. Because I only use essential cookies, I just changed this options.CheckConsentNeeded = context => true; to this options.CheckConsentNeeded = context => false; in Startup.cs