Why are there two incompatible session state types in ASP.NET?

I see two means of working with session data in ASP.NET MVC:

  • System.Web.SessionState.HttpSessionState, available on HttpApplication
  • System.Web.HttpSessionStateBase, available on Controller

Data stored in one seems to be available in the other.

Unfortunately the only common ancestor of these two types is System.Object, meaning that I can’t create reusable utility code for the abstraction of either.

Why is the API this way? Is there an important difference between the two that I am missing?


Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

In ASP.NET MVC abstractions over the classic HttpContext objects Request, Response, Session were introduced. They represent abstract classes and are exposed all over the MVC framework to hide the underlying context and simplify the unit testing because abstract classes can be mocked.

For example for the session object you have HttpSessionStateBase and its implementation HttpSessionStateWrapper.

Here’s an example of how to convert between the classic ASP.NET session and the abstraction:

HttpSessionStateBase session = new HttpSessionStateWrapper(HttpContext.Current.Session);

So the System.Web.SessionState.HttpSessionState which you are referring to is the underlying session object which existed ever since classic ASP.NET 1.0. In MVC this object is wrapped into a HttpSessionStateWrapper. But since ASP.NET MVC is an ASP.NET application you still get the Global.asax in which you have the bare session.

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x