C++ C++ C# C# ASP.NET Security ASP.NET Security ASM ASM Скачать Скачать Поиск Поиск Хостинг Хостинг  
  Программа для работы с LPT портом...
Язык: .NET — ©Alexey...
  "ASP.NET Atlas" – AJAX в исполнении Micro...
Язык: .NET — ©legigor@mail.ru...
  "Невытесняющая" Многопоточность...
Язык: C/C++ — ©...
  01.05.2010 — Update World C++: Сборник GPL QT исходников
  15.12.2007 — Весь сайт целиком можно загрузить по ссылкам из раздела Скачать
Windows 2003, ASP.NET 2.0
бесплатный и от 80 руб./мес

   Отправить письмо
Кулабухов Артем, Беларусь

 Tracking Session Changes using HttpModule / Sessions and Session State / ASP. NET


When I started working in ASP.NET, I was very much excited and impressed with the tracing functionality. Just by adding a single attribute "trace=true" at the page level or by updating the trace section in web.config, each page rendered information (Request Details, Trace Information, Control Tree, Session State, Cookies Collection, Header Collection, Server Variables) after the actual content of the page.

Recently my manager called the whole team for a meeting to voice his concern on session usage by developers. Junior developers used session for everything and they never bothered to clean the session. Session was basically abused by everyone. There is no easy way to identify the number of places where session object is used in code other than searching for the keyword Session in the source code.

The options immediately we had was to use the Trace facility provided by ASP.NET framework or to write our own code just to display the session information.

Problems with ASP.NET Tracing facility

  1. Each time, I need to scroll a lot to locate the Session state section
  2. There is no way to see only session state information


  1. Display session state changes during a page request
  2. Reusable code to use in existing and future ASP.NET projects

I found that HttpModule is the right candidate to solve this problem because we can hook to application events raised by HttpApplication object during each page request. HttpHandler is not useful for this scenario because we cannot see the session information along with the page output.


I defined a class SessionTrace which implements IHttpModule. This module hooks to 2 important application events namely PreRequestHandlerExecute and PostRequestHandlerExecute.
public void Init(HttpApplication ctx)
ctx.PreRequestHandlerExecute += new EventHandler(context_PreRequestHandlerExecute);
ctx.PostRequestHandlerExecute += new EventHandler(context_PostRequestHandlerExecute);

During the PreRequestHandlerExecute event (which is raised before processing the page), this module captures the contents of the session. During the PostRequestHandlerExecute event (which is raised after processing the page), this module captures the contents of the session again and renders the captured contents in a tabular format.

Sample screenshot

How to use

We need to inform the ASP.NET runtime to hook the HttpModule for each request. This can be done by defining in the configuration file (maching.config or web.config).

  <add type="CodeProject.SessionTrace, CodeProject" name="SessionTrace"/>

I have included a sample web project which contains the SessionTrace module implementation and also a test page. This project was built using VS.NET 2003.


  1. Styles can be applied to improve the look and feel of the output.
  2. Cache object changes can also be monitored. The only difference is cache can be updated even by other requests whereas session is changed only by the current request.
  3. and More...


After working for more than 2 years in ASP.NET projects, I realized that most of the trace output sections are very rarely used (Request Details, Control Tree, Cookies Collection, Header Collection, Server Variables). Trace messages and session details are used often to debug the applications. Since the Session section comes after Control Tree section (this section may grow very long if your page has controls like DataGrid), each time I have to scroll a long way to see the session information.

ASP.NET trace configuration section does not support adding or removing trace output sections. If the trace details are configurable, then I can include only particular sections of interest to me.


<trace enabled="false" pageOutput="true"  requestLimit="15">
<add name="SessionState"/>
<add name="TraceInformation"/>
<remove name="ControlTree" />


I hope SessionTrace module will be useful to many of you in identifying the culprit who abuses the session in your team and to fix the problems before going to production. "Hats Off to HttpModule".