ASP.NET session has expired or could not be found -> Because the Session.SessionID changes (Reporting Services)

Question

1.-I'm using reporting services and sometimes I get this error ASP.NET session has expired or could not be found when I try to load a report.

2.-I realized that I get this error when the Session.SessionID property changes even though the user is the same. If it does not change, the report is loaded. I mean, if I refresh the report a number of times, whenever the Session.SessionID is the same than the last one, the report is loaded.

3.-Microsoft Documentation says:

When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used. As a result, a new session ID is generated for each page request until the session object is accessed. If your application requires a static session ID for the entire session, you can either implement the Session_Start method in the application's Global.asax file and store data in the Session object to fix the session ID, or you can use code in another part of your application to explicitly store data in the Session object.

If your application uses cookieless session state, the session ID is generated on the first page view and is maintained for the entire session.

The point is that I can not use a cookieless session state because I need cookies.

What could I do to avoid this error? Or What could I do to avoid the Session.SessionID to change on every request?

Answer 1

Having the reportviewer being displayed in iframe was giving us this error. If displayed outside of iframe it works nice. The reportviewer object has this configuration, AsyncRendering = false and KeepSessionAlive = true.

The webapp that has the reportviewer and set the session cookie in the browser was compiled with .net framework 4.6.1. We upgrade to 4.8 and put this in web.config

<sessionState cookieSameSite="None" />
    <httpCookies requireSSL="true"/>

Só the solution is from https://docs.microsoft.com/en-us/aspnet/samesite/system-web-samesite#:~:text=The%20updated%20standard%20is%20not%20backward%20compatible%20with,SameSite%3DStrict.%20See%20Supporting%20older%20browsers%20in%20this%20document.

Answer 2

You are probably storing your session InProcess. Try changing it to session state server. You can find more details here.

Answer 3

I'm using report viewer 11.0.0; in your web config on system.web section, put the next configuration:

<sessionState timeout ="120" mode="InProc" cookieless="false" />

When you are generating the report (C# code bellow) in the reportviewer object change the KeepSessionAlive property to false and the AsynkRendering property to false, and that's all

        this.rvReporte.KeepSessionAlive = false;
        this.rvReporte.AsyncRendering = false;

(rvReporte) is a ReportViewer control located on my asp.net Form This solution work for me, i hope that work for other people.

Regards

Answer 4

<httpCookies httpOnlyCookies="false" requireSSL="false"/>

Solved the problem. Thanks to : http://www.c-sharpcorner.com/Blogs/8786/reportviewer-Asp-Net-session-has-expired.aspx