SessionStateModule vs runAllManagedModulesForAllRequests="true"

Question

At the moment I have the attribute runAllManagedModulesForAllRequests="true" set, so my modules are running for all the requests. I guess that includes the SessionStateModule.

When trying to access the session object in the PostAcquireRequestState event handler in one of my custom modules, the HttpContext.Current.Session is null when the HttpApplication.Context.CurrentHandler is null (e.g.: for a JS/CSS file), and it is not null when the handler is MvcHandler (because it is a managed handler I guess).

I have been taking a look to the SessionStateModule code in ILSpy and I couldn't find where is taking the decision of skip Session for that request.

I have been looking in %windir%\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config and there is no mention of SessionStateModule, and in the Web.config in that folder I found:

<add name="Session" type="System.Web.SessionState.SessionStateModule" />

So it is not using any precondition like managedHandler.

Does anybody know why is the SessionStateModule skipping requests for non-managed resources even when the attribute runAllManagedModulesForAllRequests is set?

Cheers.

Answer 1

It seems IIS loads default modules with the managed handler precondition to ensure backward compatibility. http://forums.iis.net/post/1904024.aspx