Session state is available during and after appropriately named HttpApplication.PostAcquireRequestState.
Occurs when the request state (for example, session state) that is associated with the current request has been obtained.
Full sequence of events with descriptions is available somewhere on [MSDN](http://msdn.microsoft.com/en-us/library/bb470252.aspx and other sites like ASP.NET Application Life Cycle
Shortened list of events below (many events are omitted, see MSDN link for details):
BeginRequest
AuthenticateRequest
AcquireRequestState
PostAcquireRequestState
ProcessRequest
method (or the asynchronous versionIHttpAsyncHandler.BeginProcessRequest
) of the appropriate IHttpHandler class for the request. For example, if the request is for a page, the current page instance handles the request.
Note that session state is not available till at least AcquireRequestState
(where it may be available if SessionStateModule
managed to receive that event before your code). There is no way Session
will be available during BeginRequest
.
Note that there are explicit authentication events that should be used if you need authentication/authorization (also it is not usable for your case as you keep auth information in session state).