I have a frameset page which has an HTM extension, and I found out that each frame it contains displays a different session id on the first request. Why?
The reason is that your frameset page is an HTM file instead of an ASPX file.
In normal a scenario, if the frameset is an aspx file, when you request the page, it will first send the request to the web server, receive an asp.net session cookie (which holds the session id), and then the browser will send individual requests for the frames, and each request will carry the same session id.
However, since your frameset page is an htm file, the first request comes back without any session cookie because the page was serviced by ASP and not ASP.NET. Then again your browser sends out individual requests for each frame. But this time each individual request will NOT carry any session id, and so each individual frame will create its own new session. That’s why you will see different session ids in each frame. The last request that comes back will win by overwriting the cookie written by the previous two requests. If you do a refresh, you will see them having the same session id.
This behavior is by-design, and the simple solution is to change your frameset page to .aspx.