(Possibly breaking) change in ASP.NET 2.0

.NET, ASP.NET 2.0, Technical stuff
See comments
A colleague of mine made a comment to me last week that led me to a discovery: ASP.NET has a major change of behaviour, which might be breaking existing application: When a directory located under the web application root is deleted, all existing sessions are terminated, and the application ends.
Why could that be breaking existing applications? Well, in theory, web applications should be stateless. However, it's very difficult to do more than very simple web apps without saving at least some information between roundtrips. To save information, there are different ways (non-exhaustive list):
  • Cookies (if available)
  • JavaScript (though information saved in JavaScript will be lost when the page is refreshed, it's possible to save variables in another window or frame/frameset for example)
  • Query string (using the URL to save state information)
  • Hidden fields (using form elements to save state information)
  • Viewstate
  • Session object
  • Other, self-developed mechanism using static variables
The Session way is probably one of the most comfortable ones. Objects stored in the Session object (actually, in an instance of the HttpSessionState class) can be accessed using a key. However, when the session ends, the Session object is deleted.
The client doesn't know that the session is terminated, so on the next request (be it a normal HTTP postback, a web service request, etc...), a new session is started, with the same SessionID. Since the session object is empty, however, this can cause problems, because the state becomes invalid.
In ASP.NET 1.1, however, this behaviour didn't exist. The following logs display that:
21.08.2006 09:06:55 Application_Start
21.08.2006 09:06:55 Session_Start l0y3lkyztr1oc245wftnlo55
21.08.2006 09:07:00 Directory created in l0y3lkyztr1oc245wftnlo55
21.08.2006 09:07:06 Session_Start zwticzam2ysatd3yvk5243zi
21.08.2006 09:07:10 Directory created in zwticzam2ysatd3yvk5243zi
21.08.2006 09:07:18 Directory deleted zwticzam2ysatd3yvk5243zi
21.08.2006 09:07:23 Directory deleted l0y3lkyztr1oc245wftnlo55
21.08.2006 09:07:29 Directory created in zwticzam2ysatd3yvk5243zi
21.08.2006 09:07:34 Directory deleted zwticzam2ysatd3yvk5243zi
21.08.2006 09:07:38 Directory created in l0y3lkyztr1oc245wftnlo55
21.08.2006 09:07:41 Directory deleted l0y3lkyztr1oc245wftnlo55
21.08.2006 09:10:00 Session_End l0y3lkyztr1oc245wftnlo55
21.08.2006 09:10:00 Session_End zwticzam2ysatd3yvk5243zi
ASP.NET 1.1 log file
This log was recorded in a ASP.NET 1.1 web app. A first client is opened, and creates a directory. Then a second client (different session ID) is opened and also creates a directory. When the first client deletes the created directory, nothing special happens. The second client can continue to work normally. After the timeout delay set in web.config (2 minutes), both sessions end normally.
This is different from the behaviour displayed in ASP.NET 2.0:
21.08.06 09:27:35 Application_Start
21.08.06 09:27:35 Session_Start 2kdc2g55kddquu2vfy5unvys
21.08.06 09:27:42 Directory created in 2kdc2g55kddquu2vfy5unvys
21.08.06 09:27:50 Session_Start 0tcrzvzbesyaolmskshphi45
21.08.06 09:28:01 Directory created in 0tcrzvzbesyaolmskshphi45
21.08.06 09:28:08 Directory deleted 0tcrzvzbesyaolmskshphi45
21.08.06 09:28:08 Session_End 0tcrzvzbesyaolmskshphi45
21.08.06 09:28:08 Session_End 2kdc2g55kddquu2vfy5unvys
21.08.06 09:28:09 Application_End
21.08.06 09:28:21 Application_Start
21.08.06 09:28:21 Session_Start 2kdc2g55kddquu2vfy5unvys
21.08.06 09:30:40 Session_End 2kdc2g55kddquu2vfy5unvys
ASP.NET 2.0 log file
Here, the first client starts, creates a directory. Then the second client starts, creates a directory and then deletes it. This action causes all open session to be terminated, and the Session_End event handler to be called. When all sessions are ended, the application ends. The next request causes the application to start again, as well as the corresponding session. In that case, the Session object will be empty.
Apparently, this behaviour has been included by design, so corresponding measures should be taken to prevent loss of state information. Also, if the directory deleted is located outside of the web application root, the sessions are not terminated.
Previous entry | Next blog entry

Responses to “(Possibly breaking) change in ASP.NET 2.0”

  1. Bob Says:

    FCN. The appDomain will be restarted if you change/make/delete folders in the application domain or after touching a number of files within the application's folder or subfolders.
    It thouroughly sux for everyone trying to build a file based CMS or trying to cache into a file or something.

    read more on this:


    please let me know if you found a solution for this that i can use in an ISP situation.


Comments for (Possibly breaking) change in ASP.NET 2.0