Response.Redirect in Session_Start doesn't work

Question

I have a simple Session_Start code that looks like this:

Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
    Dim sid = Session.SessionID
    Response.Redirect("~/Blog.aspx")
    dim dummy=4/0
End Sub

It does not work as expected. Usually in my whole site, whenever Response.Redirect() is called, it also terminates the code execution. Whereas here, even if the page eventually redirects, the dim dummy=4/0 line is also executed.

This is causing me problems in other code called from Session_Start() where I built on the assumption that the redirect is an exit point.

I also tried setting endResponse in the Response.Redirect(url, endResponse) overloaded method as true or false but this doesn't work either.

Answer 1

Having had a dig into the framework source code I can explain why Response.Redirect(url, true) continues to execute code after being called in Session_Start() but not in regular code behind.

Response.Redirect() ultimately calls an internal overloaded method of Redirect():

internal void Redirect(string url, bool endResponse, bool permanent)
{
  // Miscellaneous goings on

  if (endResponse)
  {
    this.End();
  }
}

At the end of this method, if endResponse is true then Response.End() is called. When we look at Response.End() we see the following code:

public void End()
{
    if (this._context.IsInCancellablePeriod)
    {
        InternalSecurityPermissions.ControlThread.Assert();
        Thread.CurrentThread.Abort(new HttpApplication.CancelModuleException(false));
    }
    else if (!this._flushing)
    {
        this.Flush();
        this._ended = true;
        if (this._context.ApplicationInstance != null)
        {
            this._context.ApplicationInstance.CompleteRequest();
        }
    }
}

The method examines the state of the current context's IsInCancellablePeriod value. This value is internal but we can see it in our debugger:

If we set a breakpoint inside Session_Start() and examine the current context's IsInCancellablePeriod non-visible member we see:

This means that the request's thread won't be aborted and so the code after Response.Redirect() will execute, regardless of whether you set endResponse or not.

If we set a breakpoint inside an ASPX page's Page_Load() event we see something different:

The current context's IsInCancellablePeriod non-visible member is set to true and so Thread.CurrentThread.Abort() will be called and no more code will execute after the Response.Redirect().

The reason for this difference in behaviour is I suspect to do with protecting your session state integrity:

Don't redirect after setting a Session variable (or do it right)

If you need to prevent code from executing after a Response.Redirect() in Session_Start() then you'll need to use an If...Then...Else:

If <some_condition_we_have_to_redirect_for> Then
    Response.Redirect("~/Blog.aspx")
Else
    // Normal session start code goes here
End If