System.Web.HttpContext.Current.Session null in global.asax

I have a custom security principal object which I set in the global.asax for the current thread and all is well, no problems normally.

However, I’m just adding a dynamic image feature by having a page serve up the image and whenever that dynamic image page is loaded the System.Web.HttpContext.Current.Session is null in global.asax which prevents me from setting the security principal as normal and cascading problems from that point onwards.

Normally the Session is null in global.asax only once during a session at the start when the user logs in, afterwards it’s always available with this single exception.

The dynamic image page is loaded when the browser comes across an image tage in the original page i.e.

I’m guessing that this is some aspect of the fact that the browser is requesting that page without sending some credentials with it?

Any help would be greatly appreciated.


Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1


I’m assuming you’re using an ashx handler for the handler. If so, be sure to derive from IRequiresSessionState for example:

public class Images : IHttpHandler, System.Web.SessionState.IRequiresSessionState
{ }

If you’re not using an ashx can you describe what you mean by dynamic image page?


Method 2

in Global.asax.cs Session_Start() and Session_End() you need to use “this.Session” !!
The reason for this is that HttpContext is only available when there is a request that is being processed. That is why you are getting a NULL on HttpContext.Current.Session!

From Microsoft website:
“HttpContext Class: Encapsulates all HTTP-specific information about an individual HTTP request.”

But don’t feel bad … i fell for this one too! 🙂

Method 3

Session has nothing to do with being logged in or not.

What event are you overriding when you want access to the session? Session isn’t available until AcquireRequestState has been fired.

For more information, see:

Method 4

yes you are right This happens because the object dependancy might conficts in case of other page transferance parallel which may break down the firewall between sessions

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x