We have one customer integrated customized code with SharePoint Web Application, but always meet

System.NullReferenceException exception.

Captured .NET exception dump, found it happens when access Session object:

000007ff`00fc2067 e8d4bb58ec      call    system_web_ni+0x25dc40 (000007fe`ed54dc40) (System.Web.HttpContext.get_Current(), mdToken: 060003c6)

000007ff`00fc206c 803800          cmp     byte ptr [rax],0

000007ff`00fc206f 488bc8          mov     rcx,rax

000007ff`00fc2072 e8511453ec      call    system_web_ni+0x2034c8 (000007fe`ed4f34c8) (System.Web.HttpContext.get_Session(), mdToken: 060003e2)

000007ff`00fc2077 48bb98c6a37f01000000 mov rbx,17FA3C698h

000007ff`00fc2081 488b13          mov     rdx,qword ptr [rbx]

>>> 000007ff`00fc2084 803800          cmp     byte ptr [rax],0

 

The broken code statement is like:

HttpContext.Current.Session["userdata"] = "123";

To fix this type of issue, we explicitly set EnableSessionState as True in Web.Config

<%@ Page EnableSessionState="True" %>

And ensure all related individual pages don't set this value as False in page level. After that, the issue still happens, in memory dump, the System.Web.SessionState.InProcSessionState object doesn't appear at all.

Further check the Web.Config in SharePoint web.config, found ASP.NET session module was commented:

    <!-- <add name="Session" type="System.Web.SessionState.SessionStateModule"/> -->

Conclusion

==========

For current SharePoint web applications, this is a default behavior that Session object is not accessible because SharePoint application removes the Session Module and set EnableSessionState as False. After add the session module back and set the EnableSessionState as True in Web.Config, the System.NullReferenceException problem got resolved.

Freist from APGC DSI Team