What's causing “Session state has created a session id, but cannot save it because the response was already flushed by the application.”

Solution 1:

I have!

In the global.asax file you do this :

void Session_Start(object sender, EventArgs e) 
{
    // Code that runs when a new session is started
    string sessionId = Session.SessionID;
}

So easy. It works!

Solution 2:

This error seems to appear when :

  • The application start

  • You're using a Global.asax even if you're doing something in the Session_Start / End events or not

  • Your application forces the Flush of the response too soon

  • You're not using the Session before the flush

It is raised by the session state when it try to save the sessionID on release :

System.Web.SessionState.SessionIDManager.SaveSessionID(HttpContext context, String id, Boolean& redirected, Boolean& cookieAdded)
System.Web.SessionState.SessionStateModule.CreateSessionId()
System.Web.SessionState.SessionStateModule.DelayedGetSessionId()
System.Web.SessionState.SessionStateModule.ReleaseStateGetSessionID()
System.Web.SessionState.SessionStateModule.OnReleaseState(Object source, EventArgs eventArgs)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

I believe the presence of Global.asax causes the session ID to be saved on release by the SessionStateModule (late?) even if no session have been used instead of HttpSessionState when SessionID is called.

It's the reason why string sessionId = Session.SessionID; trick avoid the problem.

I guess it only appears on application start because of initialization behaviors.

Solutions/tricks :

  • Avoid flushing in Page_Load as already said

  • Desactivate session state on the page (EnableSessionState)

  • Use the SessionID trick before the flush

  • Use Response.End() in place of .Flush() if you don't care about errors which can occur after your flush