ASP.NET session has expired or could not be found -> Because the Session.SessionID changes (Reporting Services)

Question

1.-I'm using reporting services and sometimes I get this error ASP.NET session has expired or could not be found when I try to load a report.

2.-I realized that I get this error when the Session.SessionID property changes even though the user is the same. If it does not change, the report is loaded. I mean, if I refresh the report a number of times, whenever the Session.SessionID is the same than the last one, the report is loaded.

3.-Microsoft Documentation says:

When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used. As a result, a new session ID is generated for each page request until the session object is accessed. If your application requires a static session ID for the entire session, you can either implement the Session_Start method in the application's Global.asax file and store data in the Session object to fix the session ID, or you can use code in another part of your application to explicitly store data in the Session object.

If your application uses cookieless session state, the session ID is generated on the first page view and is maintained for the entire session.

The point is that I can not use a cookieless session state because I need cookies.

What could I do to avoid this error? Or What could I do to avoid the Session.SessionID to change on every request?

Answer 1

I have added the below-mentioned line on the web config file and it is working fine for me.

<sessionState mode="InProc" cookieless="true" timeout="3000" />
<pages enableSessionState="false" />
<customErrors mode="Off" />

Answer 2

Having the reportviewer being displayed in iframe was giving us this error. If displayed outside of iframe it works nice. The reportviewer object has this configuration, AsyncRendering = false and KeepSessionAlive = true.

The webapp that has the reportviewer and set the session cookie in the browser was compiled with .net framework 4.6.1. We upgrade to 4.8 and put this in web.config

<sessionState cookieSameSite="None" />
    <httpCookies requireSSL="true"/>

Só the solution is from https://learn.microsoft.com/en-us/aspnet/samesite/system-web-samesite#:~:text=The%20updated%20standard%20is%20not%20backward%20compatible%20with,SameSite%3DStrict.%20See%20Supporting%20older%20browsers%20in%20this%20document.

Answer 3

For me Azure hosted web app turning ON - ARR Affinity fixed the issue.

ARR Affinity ON

Answer 4

I solved this issue by setting AsyncRendering to false on reportviewer server control

Answer 5

I had the same issue on report viewer page when the web site was accessed from outside intranet. hardvin's suggestion saved the day for me which is to set this.rvReporte.KeepSessionAlive = false; this.rvReporte.AsyncRendering = false;

I changed the property on the control itself. I am using report viewer on a user control which raises a custom event for supplying parameters programmatically at the host page instead of prompting the users.

Answer 6

For me, it turned out to be having more than one worker process for the app pool.

Answer 7

I'm using report viewer 11.0.0; in your web config on system.web section, put the next configuration:

<sessionState timeout ="120" mode="InProc" cookieless="false" />

When you are generating the report (C# code bellow) in the reportviewer object change the KeepSessionAlive property to false and the AsynkRendering property to false, and that's all

        this.rvReporte.KeepSessionAlive = false;
        this.rvReporte.AsyncRendering = false;

(rvReporte) is a ReportViewer control located on my asp.net Form This solution work for me, i hope that work for other people.

Regards

Answer 8

<httpCookies httpOnlyCookies="false" requireSSL="false"/>

Solved the problem. Thanks to : http://www.c-sharpcorner.com/Blogs/8786/reportviewer-Asp-Net-session-has-expired.aspx

Answer 9

Try removing SessionState="somevalue" tag from the top of your calling ASPX page. I'm using a custom SessionState and refuse to use InProc since I have multiple instances on Azure. You can even use AsyncRendering=True if you desire. Let me know if this did the trick for you.

Answer 10

The answer given by Alexsandar is just one of the solution to this problem.

This link clearly explains what is the root cause for this problem and possible solutions: http://blogs.msdn.com/b/brianhartman/archive/2009/02/15/did-your-session-really-expire.aspx

In case of Brian, the way he has descrived the problem, if he had just a single IIS server, using a session object in his code would have solved the problem because in that case, the SessionID which is passed in the request from browser to the server will get mapped to a corresponding sessionID on the server and hence the session expiry message will not come.

Setting the mode may only work in case of a server cluster where Brian had multiple IIS servers handling the same request. In that case an out of process mode will help to retrieve the session object from the Session Store irrespective of the server hit.

So based on this observation, I would conclude that Brian's problem was not related to cookies but to a server cluster. The information provided by Brian in his question and the subsequent solution misled me and hence this clarification. Hope it helps anyone looking for a similar problem.

Thanks, Vipul

Answer 11

You are probably storing your session InProcess. Try changing it to session state server. You can find more details here.