Do I have a valid HttpSessionState object and HttpContext object in Session_End?
You will have the HttpSessionState object available. Just use ’Session’ to access it. For HttpContext, it is not available because this event is not associated with any request.
I have a frameset page which has an HTM extension, and I found out that each frame it contains displays a different session id on the first request. Why?
The reason is that your frameset page is an HTM file instead of an ASPX file. In normal a scenario, if the frameset is an aspx file, when you request the page, it will first send the request to the web server, receive an asp.net session cookie (which holds the session id), and then the browser will send individual requests for the frames, and each request will carry the same session id. However, since your frameset page is an htm file, the first request comes back without any session cookie because the page was serviced by ASP and not ASP.NET. Then again your browser sends out individual requests for each frame. But this time each individual request will NOT carry any session id, and so each individual frame will create its own new session. That’s why you will see different session ids in each frame. The last request that comes back will win by overwriting the cookie written by the previous two requests. If you do a refresh, you will see them having the same session id. This behavior is by-design, and the simple solution is to change your frameset page to .aspx.
When I create a Session variable if I’m using inproc, where is the session variable stored?
In II5, it’s stored in the memory of aspnet_wp.exe. For IIS6, by default all apps will share the same application pool, i.e. the session state is stored in the memory of the process w3wp.exe. They are NOT separated per application, but instead per application pool (w3wp.exe)
The SessionID remains the same even after the Session times out or Session abandons?
The SessionID lasts as long as the browser session lasts even though the session state expires after the indicated timeout period i.e the same session ID can represent multiple sessions over time where the instance of the browser remain the same.
Is the session Timeout attribute a sliding timeout value?
The session Timeout is a sliding expiration time, meaning whatever your page access session state, the expiration time will be moved forward. Note that as long as a page has NOT disabled session state, it will access the session automatically when requested.