Last post Jan 21, 2020 12:00 PM by Khuram.Shahzad
Jan 19, 2020 11:08 AM|coralz.adar|LINK
I have an ASP.NET web API (Empty) project.
On the login controller the user's login details are saved on one of the session variable, when we try to get the details (on another controller), the data is lost.
We have 2 different session Ids, and I can see on debug that the function Session_Start on Global.asax called more than one time.
Here are some snippets of my code:
Login controller: saves the user's details:
public bool Login(LoginForm loginF)
HttpContext.Current.Session["MyName"] = "myName";
HttpContext.Current.Session["AuthDetails"] = new AuthDetails()
isAuthenticated = true,
userName = loginF.userName
Request Controller: trying to get the user details but the session variables is empty (count=0):
public List<RequestDTO> GetRequests([FromUri] RequestFilter filter)
AuthDetails authDetails = ((AuthDetails)HttpContext.Current.Session["AuthDetails"]);
catch (Exception ex)
exc.throwException(EventLogEntryType.Error, Strings.GetRequestsFailed + ex.Message);
AuthDetails is a class which contains the rellevant fields.
Web.config: I tried to change some attributes but nothing...
<compilation debug="true" targetFramework="4.5"/>
<!--<sessionState cookieless="false" mode="InProc" timeout="120"/>-->
<!--<sessionState cookieless="false" mode="InProc" regenerateExpiredSessionId="true" timeout="20"/>-->
<!--<sessionState regenerateExpiredSessionId="false" mode="InProc"/>-->
<pages enableSessionState="false" >
Do you have any advice fo me? I read a lot and I didn't found any solution that works for me.
Thanks a lot.
Jan 19, 2020 11:56 AM|mgebhard|LINK
Session is a browser feature. Most likely you did not write code to handle the Session cookie on the client.
Secondly, Web API is stateless by definition. Adding Session is a poor design because the clients that connect to Web API will not know they need to read/send the Session cookie.
Jan 21, 2020 11:59 AM|Khuram.Shahzad|LINK
try to decorate your controller with this attribute
<pages enableSessionState="true" >
Jan 21, 2020 12:00 PM|Khuram.Shahzad|LINK
If session is already working fine and within controller that work that means you have defined very short time of session life so it get expired , most likely that happened
<sessionState mode="InProc" timeout="30" />