Losing session data in ASP.NET

Question

I moved an ASP.NET site running on a server with .NET 1.1 to another server running with .NET 2.0.

In one of the pages I have the following code to detect an expired

Answer 1

<httpCookies requireSSL="false" />

Removing this from the local web.config worked for me. The issue was only happening when running the app locally.

• Removed the setting from web.config
• Added it to the web.staging.config and web.production.config

Answer 2

I encountered this problem when setting the Session variable before a redirect. I had enableSessionState="ReadOnly" in Web.config. It happens because the session does not exists and the redirect happens before the client can set the session cookie.

My solution was to set a dummy Session variable in the previous page load (login page in my case).

protected void Page_Load(object sender, EventArgs e)
{
    // Put this in master page or login page
    Session["createSession"] = true; /* ensure there's a cookie for session */
}

Answer 3

By default Response.Redirect terminates thread execution and there might be a race conditions in setting session variables. It is described in article Don't redirect after setting a Session variable (or do it right), so try to use another, less violent version:

Response.Redirect("cpanel.aspx", false);