The Ultimate ASP.NET Session State Debugging Tool

Do you use ASP.NET? ASP.NET MVC? Any kind of Session storage? Any kind of Out-of-Proc storage (like State Server, or SQL Server Session Storage) for web servers in a web farm?

Do you have problems with it? Yes, you do. Microsoft makes it painful. You must make MachineKey match. You must make the IIS W3SVC ID match. You must pray it doesn’t break when you restore your metabase config. You realize some virtual directories work, while others don’t. Some servers, browsers, load balancers, work while others don’t.

Now, do yourself a favor, stop hammering your sysadmin, and get the code below. Paste into a testSession.aspx page in every machine and every virtual directory affected. You’ll get something similar to the shot below. Run it individually and through the load balancer. Check for “AppDomainAppId” mismatches (even the tinyest difference in upper/lowercase makes a difference). Check for “MachineKey” hash. Make sure everything match between servers in the farm (by hand-editing the metabase, machine.config, etc) in every virtual directory (I’ve seen uppercase/lowercase mismatches in the /LM/W2SVC/1/ROOT/VirtualDir AppDomainId string that happen on one Vdir while others are okay).

So simple, isn't it?

Here goes the entire code. Attention: remove this from the server after you’re done. You never know what evil people will use it for…

<%@ Page Language="C#" ValidateRequest="false" %>

Current DataTime: <%= DateTime.Now %><br/>
Current Session Mode: <b><%= Session.Mode %></b><br/>
HttpRuntime.AppDomainAppId: <b><%= HttpRuntime.AppDomainAppId %></b><br/>

<%@ Import Namespace="System.Web.Configuration" %>
<%@ Import Namespace="System.Reflection" %>

MethodInfo _encOrDecData;
MethodInfo _hexStringToByteArray;
MethodInfo _byteArrayToHexString;
MethodInfo _HashAndBase64EncodeString;

MachineKeySection  config = (MachineKeySection)ConfigurationManager.GetSection("system.web/machineKey");
Type machineKeyType = config.GetType().Assembly.GetType("System.Web.Configuration.MachineKeySection");

BindingFlags bf = BindingFlags.NonPublic | BindingFlags.Static;

_HashAndBase64EncodeString = machineKeyType.GetMethod("HashAndBase64EncodeString", bf);

if (_HashAndBase64EncodeString == null)
	throw new InvalidOperationException("Unable to get the HashAndBase64EncodeString to invoke.");
String str = HttpRuntime.AppDomainAppId;
var HashedPiko = (String)_HashAndBase64EncodeString.Invoke(null, new object[] { str });


Hashed with the MachineKey: <b><%= HashedPiko %></b><br/>

Local Machine Name: <b><%= Request.ServerVariables["LOCAL_ADDR"] %></b><br/>

Current Session ID: <b><%= Session.SessionID %></b><br/>

String pikoNaSession = (String)Session["SESSION_TEST_VALUE"];
if (String.IsNullOrEmpty(pikoNaSession)) {
	Session["SESSION_TEST_VALUE"] = "Test Value, set on " + Request.ServerVariables["LOCAL_ADDR"] + " " + " at " + DateTime.Now ;

Current value in Session: <b><%= pikoNaSession %></b><br/>

4 Replies to “The Ultimate ASP.NET Session State Debugging Tool”

  1. very very helpful for me to cath my problem.
    so, for sharing with several app, i set HttpRuntime.AppDomainAppId=”Myapp” in init() in global.asax.

    this work great on ii7/win 2008

    Current Session Mode: StateServer
    HttpRuntime.AppDomainAppId: Myapp

    but not in iis 7.5/win2008r2

    Current Session Mode: StateServer
    HttpRuntime.AppDomainAppId: /LM/W3SVC/2/ROOT

    Any suggests?

Leave a Reply