IIS7 session loses its meaning

I implemented a request-response scheme as an Ajax handler. For some reason, he stopped working after a good job for a couple of months. Examination of the problem showed that Context.Session[KEY] lost its value between calls and responses.

I put Session_Start and Session_End (and several other) methods in Global.asax.cs with some logging there, and I see that a new Session_Start event is fired with the same session identifier, and there was no Session_End event

Question: Why does IIS lose session values?

Update: I tried switching to SQLServer sessions, but no behavior changes occurred. In rare cases, sessions work as intended, not knowing why. I tried all the loss session session troubleshooting guides that I could find without effect.

UPDATE 2: I narrowed down the issue to a missing session cookie, but changing my.browsers configuration did not resolve the issue after several attempts. When I call the ajax handler from the browser, the "ASP.NetSessionId" session cookie appears as expected. I changed the cookie name in the IIS settings for both the site and the server to "SessionId", but I continued to see ASP.NET even after the server restarted. Anyway, I would like to give generosity to someone who has an idea of ​​what is happening. In the meantime, I worked on this issue by setting the session cookie to the code.

Pseudocode for Login.ashx:

 string login = GetParameter("login", context); string passhash = GetParameter("pass", context); string challenge = "" + Context.Session["CHALLENGE"]; if (!string.IsNullOrEmpty(challenge)) { // this is the 'response' part string challengeResponse = Crypto.GetChallengeResponse(Challenge, UserFromDB.PassHash); if (challengeResponse == passhash) { // Great success, challenge matches the response Log.I("Success"); return "SUCCESS"; } else { Log.W("Failed to respond"); return "FAILED TO RESPOND"; } } else { // if passed login or session-stored challenge are empty - issue a new challenge challenge = "Challenge: "+ Crypto.GetRandomToken(); Context.Session["CHALLENGE"] = challenge; Log.I("Sent Challenge"); // this is what in the log below return challenge; } 

Here the log with the start of the session appears with each call, Session.Keys.Count remains 0, although the session ["CHALLENGE"] must be established:

 // This is the challenge request: [] **Session started**: sr4m4o11tckwc21kjryxp22i Keys: 0 AppDomain: /LM/W3SVC/1/ROOT-4-130081332618313933 #44 [] Processing: <sv> **MYWEBSITE/ajax/Login.ashx** SID=sr4m4o11tckwc21kjryxp22i [] Sent Challenge @Login.ashx.cs-80 // this is the response, note that there another Session started with the same id // and the session didn't keep the value ["CHALLENGE"], there are no session-end events either [] **Session started**: sr4m4o11tckwc21kjryxp22i Keys: 0 AppDomain: /LM/W3SVC/1/ROOT-4-130081332625333945 #93 [] Processing: <sv> **MYWEBSITE/ajax/Login.ashx?login=MYLOGIN&pass=RuhQr1vjKg_CDFw3JoSYTsiW0V0L9K6k6==** [] Sent Challenge @Login.ashx.cs-80 >Session: sr4m4o11tckwc21kjryxp22i 

disinfected web config

 <?xml version="1.0" encoding="utf-8"?> <configuration> <configSections> <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 --> <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=4.4.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" /> </configSections> <appSettings> <add key="IncludeStackTraceInErrors" value="false" /> </appSettings> <connectionStrings> <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" /> <add name="MYConnection" connectionString="metadata=res://*…. and a bunch of other stuff that works" providerName="System.Data.EntityClient" /> </connectionStrings> <system.web> <compilation targetFramework="4.5"> <assemblies> <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /> </assemblies> </compilation> <authentication mode="Forms"> <forms loginUrl="~/Account/Login.aspx" timeout="2880" /> </authentication> <membership> <providers> <clear/> <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" /> </providers> </membership> <profile> <providers> <clear/> <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" /> </providers> </profile> <roleManager enabled="false"> <providers> <clear/> <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" /> <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" /> </providers> </roleManager> <pages controlRenderingCompatibilityVersion="4.0" /> </system.web> <system.webServer> <modules runAllManagedModulesForAllRequests="true" /> </system.webServer> <entityFramework> <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" /> </entityFramework> </configuration>