Status: Solved
Priority: Medium
Security: Public
Views: 581
Last Modified: 2013-11-07

Mysterious Exception

Hey guys,

This one is a shot in the dark cause i am not sure what the issue is here, i am hoping that someone can enlighten me maybe.

I do extensive error logging and reporting on my website. Since i went live a couple of weeks ago i have encountered a number of exceptions (that were logged and reported to me by my code) of which i have resolved most. None of which, including the one i am about to mention i was ever able to reproduce in development.

My site also tracks user sessions. And i have built and entire back end system that allows me to tie a particular exception to a session. This one does not have a session relating to it... Weird, i would have thought that a user would trigger exception errors but it appears not to be the case.

ERROR MESSAGE:
----------------------
Object reference not set to an instance of an object.

STACKTRACE
------------------
at ASP.global_asax.Session_Start(Object sender, EventArgs e)
at System.Web.SessionState.SessionStateModule.RaiseOnStart(EventArgs e)
at System.Web.SessionState.SessionStateModule.CompleteAcquireState()
at System.Web.SessionState.SessionStateModule.BeginAcquireState(Object source, EventArgs e, AsyncCallback cb, Object extraData)
at System.Web.HttpApplication.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

EXTRA DATA
-----------------
System.Collections.ListDictionaryInternal

SOURCE
-----------
App_global.asax

TARGETSITE
----------------
Void Session_Start(System.Object, System.EventArgs)

I get at least one of these every day! Does anyone maybe know what is going on?

Nugs

Nugs

Asked: 2008-06-20

Advertise Here

2 Solutions

LVL 10

NeoTeqCommented: 2008-06-20

Could you share the code that's in the method Session_Start in App_global.asax?

LVL 2

NugsAuthor Commented: 2008-06-20

There are a number of things that happen in the session start of my site... The most important of these things is that a session record is created in the database for the user that is used to track the cart items and session data etc...

An important note (without having to post all the code for the classes being used in the session start) is that i have "tried" to made 100% sure that a user can not enter my site without a few guidlines being met first... I require cookies and javascript, and as you can see i use a few session variables throughout the site... Allot of my classes access System.Web.HttpContext BUT i make 100% sure that System.Web.HttpContext and System.Web.HttpContext.Current is not null before trying to pull values from them.

<%@ Application Language="C#" %>
 
<script RunAt="server">
    
    void Application_Start(object sender, EventArgs e)
    {
 
    }
 
    void Application_End(object sender, EventArgs e)
    {
 
    }
 
    void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Context.Error;
        if (ex is HttpUnhandledException)
        {
            ex = Context.Error.InnerException;
        }
 
        ClassLib.Logging_Libraries.ErrorReporter ErrReport = new ClassLib.Logging_Libraries.ErrorReporter("Thenga_Global.cs", 23);
        ErrReport.LogExc(ex);
    }
 
    void Session_Start(object sender, EventArgs e)
    {
        ClassLib.Website_Libraries.BrwrSessManager SessManager = new ClassLib.Website_Libraries.BrwrSessManager();
        SessManager.LoadSessions();
 
        if (System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
        {
            int CustomerID = -1;
 
            ClassLib.Utility_Libraries.AuthManager Auth = new ClassLib.Utility_Libraries.AuthManager();
            CustomerID = Auth.GetUserID(System.Web.HttpContext.Current.User.Identity.Name);
 
            if (CustomerID != -1)
            {
                SessManager.CustomerID = CustomerID;
            }
            else
            {
                FormsAuthentication.SignOut();
                SessManager.CustomerID = -1;
            }
        }
        else
        {
            FormsAuthentication.SignOut();
            SessManager.CustomerID = -1;
        }
        
        //CHECK IF SEARCH BOT/SPIDER
        //--------------------------
        bool IsUncomonUser = false;
        string UncomonName = "";
 
        if (HttpContext.Current.Request.Browser.IsMobileDevice)
        {
            IsUncomonUser = true;
            UncomonName = "mobile";
        }
        else if (HttpContext.Current.Request.Browser.Crawler)
        {
            IsUncomonUser = true;
            UncomonName = "botspider";
        }
        else
        {
            string userAgent = HttpContext.Current.Request.UserAgent.ToLower();
            string[] botKeywords = new string[10] { "bot", "spider", "google", "yahoo", "search", "crawl", "slurp", "msn", "teoma", "ask.com" };
            foreach (string bot in botKeywords)
            {
                if (userAgent.Contains(bot))
                {
                    IsUncomonUser = true;
                    UncomonName = bot;
                }
            }
        }
 
        if (IsUncomonUser)
        {
            //FIGURE OUT HOUR PERIOD
            //----------------------
            int HourPeriodIndex = 1;
            if (DateTime.Now.Hour % 2 != 0)
            {
                HourPeriodIndex = DateTime.Now.Hour + 1;
            }
            else
            {
                HourPeriodIndex = DateTime.Now.Hour;
            }
 
            //CREATE UNCOMONUSER SESSION ID
            //-----------------------------
            string SessionIP = System.Web.HttpContext.Current.Request.UserHostAddress.Replace(".", "");
            string SessionDate = DateTime.Now.Day.ToString() + DateTime.Now.Month.ToString() + DateTime.Now.Year.ToString() + HourPeriodIndex.ToString();
            string SessionBrowser = HttpContext.Current.Request.Browser.Browser + HttpContext.Current.Request.Browser.MajorVersion;
            
            SessManager.SessionID = UncomonName + SessionIP + SessionDate + SessionBrowser;
        }
        else
        {
            SessManager.SessionID = HttpContext.Current.Session.SessionID;
        }
 
        //CREATE OR REUSE SESSION
        //-----------------------
        ClassLib.Website_Libraries.DBSessionManager DBSessManager = new ClassLib.Website_Libraries.DBSessionManager();
        if (DBSessManager.CheckSessionExists())
        {
            if (!DBSessManager.CheckSessionUsable())
            {
                Session.Abandon();
                Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
                Response.Redirect("~/Default.aspx");
                return;
            }
        }
        else
        {
            DBSessManager.CreateDBSession();
        }
 
        ClassLib.Website_Libraries.WebsiteQueryBuilder CharityFocusSess = new ClassLib.Website_Libraries.WebsiteQueryBuilder();
        SessManager.CharityFocusID = CharityFocusSess.GetCharityFocus();
    }
 
    void Session_End(object sender, EventArgs e)
    {
        Session.Abandon();
    }
       
</script>

Open in new window

LVL 10

NeoTeqCommented: 2008-06-20

I'm sorry, I can't find something that could be causing the problem. Perhaps we can narrow down the problem, given time... For instance, try to find out if it only happens when the user is authenticated (or not), if it only happens if it's some sort of bot (or not), etc... Let's see for what code paths the error happens, and then maybe we can resolve it.

Oh, one (off-topic) thing did catch my eye: isn't it better to use GetBaseException() in the Application_Error event?

LVL 2

NugsAuthor Commented: 2008-06-20

Yeah, it almost seems like (and i am totally speculating here) a process is running or executing long after any user is on the site. And the exception is thrown because there is no current session or anything and allot of my code relies on the presumption that there is a actual user on the site... Making sense since it is a website... I dunno though.

I spent all of last week adding extensive error handling and logging in order to really track down where they are being thrown, but since Application_Error is catching it is is hard to tell...

I will take your advice through and really nail down the session_start method to catch and log all incoming values, step by step in a text log file.

Very strange..

Nugs

LVL 10

NeoTeqCommented: 2008-06-20

Well, it should not be possible for the Session itself to be Nothing in the event handler, since this *should* be called after a session is made available. Also, I believe it has to be happening once there is an actual user, because else there would not be a Session to start at all.

Anyway, hopefully you'll be able to gather more information.

LVL 22

prairiedogCommented: 2008-06-20

>>>BUT i make 100% sure that System.Web.HttpContext and System.Web.HttpContext.Current is not null before trying to pull values from them.
Then add a check before you assign the value from line 106 to line 109:
else
{
SessManager.SessionID = HttpContext.Current.Session.SessionID;
}

It's just a shot in the dark.

LVL 2

NugsAuthor Commented: 2008-06-25

This exception still eludes me, i get an email on it almost once every day, and hundreds of hits each day which really is strange, i mean if this was a session start issue and at least 50% of the hits to the site would throw this exception.

prairiedog:I have taken you advice and check System.Web.HttpContext and System.Web.HttpContext.Current anywhere and everywhere i possibly can. Still get the exception.

NeoTeq:You are correct that i have to just catch this problem with more logging and error catching. I have a feeling it is happening deeper in on of the classes that SessionStart is calling.

Nugs