Menu
I have a class that uses IHTTPHandler and does not implement IRequiresSessionState or IReadOnlySessionState. I still see it accessing our Session provider which is causing excessive usage.
Stack Trace: HttpRuntime.ProcessRequestInternal => HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest => ApplicationStepManager.ResumeSteps => HttpApplication.ExecuteStep => AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute => SessionStateModule.BeginAcquireState => SessionStateProvider.ResetItemTimeout => SessionStateItem.Save
Is there a way to tell the HttpHandler to not use Session?
436
asked May 17 '26 16:05
It's tough to find any formal documentation on this issue, but it looks like the answer is no. Even if you don't implement IRequiresSessionState or IReadOnlySessionState, if you are using the SQL Server Session provider you'll still see a call to the TempResetTimeout procedure. At least that's what I've found from my testing.
If you really want to avoid session without using a separate web application with Session entirely disabled, you could create an HttpModule, instead of using an HttpHandler. It's not an ideal approach, but in my testing it did work.
Basically, you do what you need to using the BeginRequest event handler and complete the request in BeginRequest (i.e., by calling context.ApplicationInstance.CompleteRequest()). If you spy the database using SQL Profiler you'll see that no Session database calls are made.
I wish I had a better answer, but that seems to be the way it works (in ASP.NET 4.0 anyway).
170
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
