We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content. RSS

12 replies

Last post Oct 20, 2014 04:27 PM by ryanzero

  • System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Apr 03, 2007 02:37 AM|mehuls|LINK

    Hi,

    I am developing a managed module that can run for requests made to unmanaged content on IIS 7.0. In this module I am using the System.Web.SessionState.HttpSessionState object to check if the session assosciated with the rquest is newly created session or not.

    The isssue I am facing is,the System.Web.SessionState.HttpSessionState is not available for request made to unmanaged content.

    The HttpSessionState object is avilable for request made to managed content.The problem is with the request made to unmanaged content. 

    Any inputs on this would be very helpful.

     

    Thanks,

    Mehul

  • Re: System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Apr 03, 2007 12:36 PM|anilr|LINK

    You need to set system.webServer/modules@runAllManagedModulesForAllRequests to true (or else you need to figure out which other managed modules need to run to populate the various things you need and remove managedHandler precondition for them).
    Anil Ruia
    Software Design Engineer
    IIS Core Server
  • Re: System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Apr 04, 2007 04:33 AM|ankitasdeveloper|LINK

    Anil,

    Which module is responsible for mapping ASP.NET session to a request?

    Setting the runAllManagedModulesForAllRequests attrubute to ture, makes all managed module to execute for all requests. But it does not work and we can't get session object for *.jpg files (Session is null). It works for *.aspx requests only.

    I tried removing preCondition of System.Web.SessionState.SessionStateModule, still it didn;t work.

     - Ankit

    ~ Ankit
  • Re: System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Apr 04, 2007 02:20 PM|mvolo|LINK

    Ankit,

    While Anil is right about removing the precondition for the SessionStateModule, the trick is in how SessionStateModule determines whether a particular request requires session state or not (since session state is pretty expensive to get on each request, particularly when using OOB session state).

    One of the things that the module checks is that the handler implements IRequiresSessionState interface.  For unmanaged requests, there is no ASP.NET handler set on the request, so no session state is fetched.

    You can learn more about the session state module here: http://msdn.microsoft.com/msdnmag/issues/05/09/sessionstate/default.aspx.

    To fake out the module into getting you the session state anyway, just set HttpContext.Handler to a dummy IHttpHandler class that implements IRequiresSessionState (you'll have to write one, but you wont have to implement ProcessRequest - it will never be called).  Do this in PostMapRequestHandler, and only when HttpContext.Handler is already null (meaning ASP.NET wont be called for the handler).  You can then remove your handler in PostAcquireRequestState, after the session state module has made its determination.

    Thanks,

    Mike

    Mike V.
    CTO at LeanSentry, Former IIS PM

    Expert guides:
    1. Restart IIS correctly
    2. Expert guide to IIS logs
    3. Tune IIS thread pool
  • Re: System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Apr 14, 2007 10:19 AM|tdjastrzebski|LINK

    Thank you, Mike. You help me to find a solution I was seeking for 3 days already!

    Respectfully,

    Tomasz J

  • Re: System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Dec 23, 2007 11:05 PM|hla|LINK

    This brought me also the solution I was looking for. Thanks! 

    Only one problem was left for me. I had to do the same thing in 1.1, but this older framework version doen't provide the PostMapRequestHandler. The problem is were to set the dummy IHttpHandler. The solution is to set the Handler  just like you would do it in the web.config (Example: <add verb="*" path="*.divx" type=".....DummyHandlerWithSession,....." /> and then removing the handler like described above.

    Regards, Herman

     

  • Re: System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Sep 06, 2009 07:34 AM|darwaish|LINK

    I am using this technique to get session state in HttpModule to apply ACL rules for my non-asp.net content. And it is causing w3p to freeze in the state "AcquireSessionState". I can see it in IIS Manager and it takes about 2 minutes before IIS starts serving pages again for that site. Any ideas? I tried the link below but that did not work either. I would appreciate any help. http://mvolo.com/blogs/serverside/archive/2009/05/11/Workaround-for-using-IIS-7-url-authorization-with-ASP.NET-roles.aspx
  • Re: System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Sep 08, 2009 01:16 PM|anilr|LINK

    Why do you need to enable session state for content authorization?

    Anil Ruia
    Software Design Engineer
    IIS Core Server
  • Re: System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Sep 08, 2009 01:28 PM|darwaish|LINK

    Thanks for your reply Anil. I need to protected videos that I am serving using smooth streaming (on server side) and silverlight (on client side). On each request from silverlight player I need to verify this person has access to the video, so I store an entry in the session against the ID of that video to avoid going to the database on each hit. On all next hits I just check if there is an entry in session, if not only then I go to the database to verify if user should have access to the video. Is there any recommended way to protect videos and content? I have different trainings and a person who has access to the training can see videos only in that specific training. Plus I have extra rules like if user has not finished a part of the training, he/she can not have access to the videos in other part of the same training etc. I would appreciate any suggestions. Thanks
  • Re: System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Sep 10, 2009 01:19 PM|anilr|LINK

    Ok, looks like using session is the best way here.

    From the symptoms, sounds like you may have some request which is not releasing the session in a timely manner - I would suggest using failed request tracing to see what requests you are seeing with particular session-id and whether any of them are holding on to the session indefinitely.

    Anil Ruia
    Software Design Engineer
    IIS Core Server
  • Re: System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Sep 10, 2009 01:27 PM|darwaish|LINK

    Thanks Anil. I moved the part of code that attach the original handler to PreRequestHandlerExecute rathar than PostAcquireRequestState and it seems to be working fine now. I am not sure the reason though. void context_PreRequestHandlerExecute(object sender, EventArgs e) { if (!this.IsProtectedContent) return; MyHttpHandler resourceHttpHandler = HttpContext.Current.Handler as MyHttpHandler; if (resourceHttpHandler != null) { // set the original handler back HttpContext.Current.Handler = resourceHttpHandler.OriginalHandler; } }
  • Re: System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Oct 19, 2014 11:21 AM|mahdiahmadirad|LINK

    Thank you for your useful reply dear  Mike Volodarsky,

    i have same issue but your solution not working on my custom HTTP Session Module.

    you know, according to the Microsoft's Session module source, i handled new session initializations on BeginAcquireState:

    public void Init(HttpApplication app)
    {
         ...
    
        // Handling OnAcquireRequestState Asynchronously
        app.AddOnAcquireRequestStateAsync(
            new BeginEventHandler(this.app_BeginAcquireState),
            new EndEventHandler(this.app_EndAcquireState));
    
         ...
    }
    
    private IAsyncResult app_BeginAcquireState(object source, EventArgs e, AsyncCallback cb, object extraData)
    {
        ...
        if (_rqIsNewSession)
        {
            // Firing Sessoin_Start Event
            _sessionStartEventHandler(this, EventArgs.Empty);
        }
    }

    because your suggestion about adding IRequiresSessionState marker to HttpContext.Hanlder in PostAcquireRequestState will fire after AcquireRequestState i handled your solution in my BeginAcquireState and i do it somewhere before firing sessionStart Handler.

    HttpApplication app = (HttpApplication)sender;
    if (app.Context.Handler is IRequiresSessionState || app.Context.Handler is IReadOnlySessionState)
    	return;
    
    app.Context.Handler = new DummyHandler(app.Context.Handler);

    so DummyHandler is:

    public sealed class DummyHandler : IHttpHandler, IRequiresSessionState, IReadOnlySessionState

    but unfortunately Sessoin object is still null in the Session_Start.

    i just only handled the AcquireRequestState in a async way according to the  Microsoft's .NET 4.5 framework SessionStateModule Source Code.

    Have you any suggestion for me to handle your solution in such case?!

    stateserver httpmodule session

  • Re: System.Web.SessionState.HttpSessionState not avilable for request made to unmanaged content.

    Oct 20, 2014 04:27 PM|ryanzero|LINK

    I am also having trouble getting the solution working for the SAML authentication module I have been tasked to write. I have tried a few different event triggers to put the HTTP Handler swap, but all end up with the current session being null. Any ideas if there is something else besides the swap and the runAllManagedModulesForAllRequests attribute that needs to be done to allow me to access session on *all* requests?

    stateserver httpmodule session