Session expires after file download

Question

When a user downloads a file from my ASP.NET application, the session expires a few seconds after they download the file. Before the session expires that can perform any task, but after about 5-10 seconds, the session is restarted and they get logged out.

I've created a simple page to demonstrate this. To run this simple page, create a new asp.net c# project, then insert the code into a new page.

EDIT: This appears to be a IE7 problem. Firefox and Chrome are unaffected.

I believe the code responsible for the session restart is:

HttpContext.Current.Response.ContentType = "text/xml";
HttpContext.Current.Response.Clear();
HttpContext.Current.Response.AddHeader("Content-Disposition", "attachment; filename=test.xml");
HttpContext.Current.Response.Write("<test>this is a test.</test>");
HttpContext.Current.Response.End();

To recreate this problem:

Copy the code below into an asp.net page.
Use IE (I used IE7, firefox and chrome don't appear to have this issue)
Notice that the session is new.
Refresh the page; notice that the session is not new.
Download the file and save it.
Hit the "Refresh Page" button a couple of times until the "Session is new" text is redisplayed (about 10 seconds).

Below is the code for the simple recreation:

<%@ Page Language="C#" AutoEventWireup="true" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <script runat="server">
        private string sessionString {
            get {
                return HttpContext.Current.Session["sessionString"] == null ? null : HttpContext.Current.Session["sessionString"].ToString();
            }
            set {
                HttpContext.Current.Session["sessionString"] = value;
            }
        }
        protected void Page_Load(object sender, EventArgs e) {
            Label1.Text = sessionString ?? "Session is null";
            if(sessionString == null) {
                Label1.Text = "Session is new";
                Label1.BackColor = System.Drawing.Color.Red;
                sessionString = "Session is now not null";
            }
            else {
                Label1.Text = sessionString;
                Label1.BackColor = System.Drawing.Color.White;
            }
        }
        protected void LinkButton1_Click(object sender, EventArgs e) { }
        protected void LinkButton2_Click(object sender, EventArgs e) {
            HttpContext.Current.Response.ContentType = "text/xml";
            HttpContext.Current.Response.Clear();
            HttpContext.Current.Response.AddHeader("Content-Disposition", "attachment; filename=test.xml");
            HttpContext.Current.Response.Write("<test>this is a test.</test>");
            HttpContext.Current.Response.End();
        } 
    </script>
    <form id="form1" runat="server">
    <div>
        <asp:Label id="Label1" runat="server" text="Label"></asp:Label> <br />
        <asp:LinkButton id="LinkButton1" runat="server" onclick="LinkButton1_Click">Refresh Page</asp:LinkButton> <br />
        <asp:LinkButton id="LinkButton2" runat="server" onclick="LinkButton2_Click">Download File</asp:LinkButton> <br /><br />
        <b>Steps to recreate:</b>
        <ol>
            <li>Download the file and save it.</li>
            <li>Hit the "Refresh Page" button a couple of times until the "Session is new" text is redisplayed.</li>
            <li>Answer my question explaining what the heck is going on!</li>
        </ol>
    </div>
    </form>
</body>
</html>

score 2 · Accepted Answer · answered Sep 03 '09 at 15:26

2

Something to do with this (could be a similar issue)? Maybe use Fiddler to see what is happening in more detail to the cookie.

answered Sep 03 '09 at 15:26

RichardOD

28,883
9
61
81

Even if it's not, it should be! – Robert Sep 03 '09 at 15:28
I don't know if it was that exactly, but after reinstalling ie7 with the newest updates, it worked fine. Thanks. – Chris Sep 03 '09 at 16:11
@Chris: i too having this same issue. But for me its occurring in chrome and firefox too.. didn't checked in ie.. I opened the admin side its login is managed by session in firefox. and it got a client side where the download happens opened in chrome. And after download when i checked the session for my login details it seems to be null. Can you please tell how it is fixed. Only installed ie update. Any other method? – Mahesh KP Jul 23 '12 at 06:03
@mehesh, like I said in the previous comment. For me, it was fixed when I reinstalled ie7. It sounds like you are having similar symptoms, but a different problem. – Chris Jul 23 '12 at 18:40

score 1 · Answer 2 · answered Jul 13 '11 at 16:16

Make sure you start with a FRESH BROWSER after getting rid of the Response.Clear() call. I had the same exact problem, read this post, and getting rid of the Response.Clear() worked, but ONLY after I dumped the browser that was sitting open on my desktop, and opened up a fresh instance. good luck!

score 0 · Answer 3 · answered Sep 02 '09 at 22:21

0

Hm. Could it be that Response.Clear() eats the session state cookie?

answered Sep 02 '09 at 22:21

Tor Haugen

19,509
9
45
63

That doesn't appear to be the issue. If you comment out the code in the sample I gave, you get the same problem. – Chris Sep 03 '09 at 12:47

Session expires after file download

3 Answers3

Linked