How to use session state in ASP.NET Web API?

DancingButterfly · April 15, 2025, 2:17am

I’m working on an ASP.NET Web API project and I’m having trouble accessing the session state. I know that using sessions isn’t really a RESTful approach, but for my specific use case, I need to store some temporary data.

I’ve tried using HttpContext.Current.Session, but it always returns null. Is there a way to enable or access session state in Web API?

Here’s a simple example of what I’ve tried:

public class MyApiController : ApiController
{
    public IHttpActionResult Get()
    {
        var sessionData = HttpContext.Current.Session["MyKey"];
        if (sessionData == null)
        {
            return NotFound();
        }
        return Ok(sessionData);
    }
}

Any help or alternative suggestions would be greatly appreciated. Thanks in advance!

Alice45 · April 21, 2025, 1:39am

hey dancingbutterfly, session state in web api can be tricky. have u tried using a custom message handler? it lets u access the session before the controller. heres a quick example:

public class SessionHandler : DelegatingHandler
{
    protected override Task<HttpResponseMessage> SendAsync(...)
    {
        HttpContext.Current.SetSessionStateBehavior(SessionStateBehavior.Required);
        return base.SendAsync(request, cancellationToken);
    }
}

then just register it in ur WebApiConfig. hope this helps!

FlyingLeaf · April 19, 2025, 5:50pm

I’ve dealt with a similar issue in one of my projects. Instead of relying on HttpContext.Current.Session, which can be problematic in Web API, I found success using a custom storage mechanism. I implemented a simple in-memory cache using MemoryCache class from System.Runtime.Caching. It’s thread-safe and works well for temporary data storage.

Here’s a basic implementation I used:

public static class CustomSessionStore
{
    private static MemoryCache _cache = new MemoryCache("CustomSessionStore");

    public static void Set(string key, object value, TimeSpan expiration)
    {
        _cache.Set(key, value, DateTimeOffset.Now.Add(expiration));
    }

    public static T Get<T>(string key)
    {
        return (T)_cache.Get(key);
    }
}

You can use this in your controller like:

CustomSessionStore.Set("MyKey", myData, TimeSpan.FromMinutes(30));
var data = CustomSessionStore.Get<MyDataType>("MyKey");

This approach gives you more control and avoids the complexities of session state in Web API. It’s been reliable in my experience.

SwiftCoder15 · April 19, 2025, 5:11am

While sessions in Web API aren’t typically recommended, there are scenarios where they’re necessary. One approach you might consider is using a custom attribute to enable session state for specific actions or controllers. Here’s an example:

public class EnableSessionStateAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        HttpContext.Current.SetSessionStateBehavior(SessionStateBehavior.Required);
        base.OnActionExecuting(actionContext);
    }
}

You can then apply this attribute to your controller or action method:

[EnableSessionState]
public IHttpActionResult Get()
{
    // Your session-dependent code here
}

This method allows you to selectively enable session state where needed, maintaining better overall performance and scalability for your API.