Home/ Questions/Q 8682975
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T21:55:07+00:00

In my ASP .NET MVC 2 – application, there are several controllers, that need

  • 0

In my ASP .NET MVC 2 – application, there are several controllers, that need the session state. However, one of my controllers in some cases runs very long and the client should be able to stop it.

Here is the long running controller:

    [SessionExpireFilter]
    [NoAsyncTimeout]
    public void ComputeAsync(...) //needs the session
    {
    }

    public ActionResult ComputeCompleted(...)
    {

    }

This is the controller to stop the request:

    public ActionResult Stop()
    {
      ...
    }

Unfortunately, in ASP .NET MVC 2 concurrent requests are not possible for one and the same user, so my Stop-Request has to wait until the long running operation has completed. Therefore I have tried the trick described in this article and added the following handler to Global.asax.cs:

    protected void Application_BeginRequest()
    {
        if (Request.Url.AbsoluteUri.Contains("Stop") && Request.Cookies["ASP.NET_SessionId"] != null)
        {
            var session_id = Request.Cookies["ASP.NET_SessionId"].Value;

            Request.Cookies.Remove("ASP.NET_SessionId");
            ...
        }
    }

This simply removes the session-id from the Stop-Request. At the first glance this works well – the Stop-Request comes through and the operation is stopped. However, after that, it seems that the session of the user with the long running request has been killed.

I use my own SessionExpireFilter in order to recognize session timeouts:

 public class SessionExpireFilterAttribute : ActionFilterAttribute
 {
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpContext ctx = HttpContext.Current;

        // check if session is supported
        if (ctx.Session != null)
        {
            // check if a new session id was generated
            if (ctx.Session.IsNewSession)
            {

                // If it says it is a new session, but an existing cookie exists, then it must
                // have timed out
                string sessionCookie = ctx.Request.Headers["Cookie"];
                if ((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0))
                {

                    filterContext.Result = new JsonResult() { Data = new { success = false, timeout = true }, JsonRequestBehavior = JsonRequestBehavior.AllowGet };
                }
            }
        }

        base.OnActionExecuting(filterContext);
    }
}

ctx.Session.IsNewSession is always true after the Stop-Request has been called, but I don’t know why. Does anyone know why the session is lost? Is there any mistake in the implementation of the Stop-Controller?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The session is lost because you removed the session cookie. I’m not sure why that seems illogical. Each new page request supplies the cookie to asp.net, and if there is no cookie it generates a new one.

    One option you could use to use cookieless sessions, which will add a token to the querystring. All you need to do is generate a new session for each login, or similar.

    But this is one of the reasons why session variables are discouraged. Can you change the code to use an in-page variable, or store the variable in a database?

    • 0