Difference between Session and HttpContext.Current.Session

What is the difference between Session and HttpContext.Current.Session object?

A little late here, but here's something I just discovered.

@Phillipe Leybaert and @CSharpAtl are both incorrect. HttpApplication's Session property exhibits different behaviour than does that of the property HttpContext.Current.Session. They will both return a reference to the same HttpSessionState instance if one is available. They differ in what they do when there is no instance of HttpSessionState available for the current request.

Not all HttpHandlers provide session state. To do so, the HttpHandler must implement [one or both?] the marker interfaces IRequiresSessionState or IReadOnlySessionState.

HttpContext.Current.Session simply returns null if there is no session available.

The HttpApplication's implementation of the Session property throws an HttpException with the message Session state is not available in this context. rather than returning a null reference.

Some examples of HttpHandler that do not implement session are the default handlers for normally static resources, such as image and CSS files. Any reference to the HttpApplication's Session property in such cases (as in global.asax event handlers) will result an HttpException being thrown.

Needless to say, the unexpected HttpException provides a WTF?! moment if you're not expecting it.

The Session property of the HttpApplication class is implemented thus (from Reflector):

[Browsable(false), DesignerSerializationVisibility(DesignerSerializationVisibility.Hidden)]
public HttpSessionState Session
{
  get
  {
    HttpSessionState session = null;
    
    if (this._session != null)
    {
        session = this._session;
    }
    else if (this._context != null)
    {
        session = this._context.Session;
    }
    
    if (session == null)
    {
        throw new HttpException(SR.GetString("Session_not_available"));
    }
    
    return session;
  }
}

There is no difference.

The getter for Page.Session returns the context session.

Nothing. Session just points to the HttpContext.Current.Session.

Internally, Page.Session points to It's HttpContext.Current.Session only, but there are still two differences depending on from where it's called.

Page.Session can be accessed only from classes inherited from System.Web.UI.Page and it will throw HttpException when accessed from WebMethod.
Where as HttpContext.Current.Session can be accessed from anywhere as long as you're running in the context of a web application.


Other important difference where you can access Page.Session but cannot access HttpContext.Current.Session :

If there is a method named GetData in your page(inherited from System.Web.UI.Page) which is executed concurrently in different threads from some other page method, GetData method can access the Page.Seession, but you cannot access HttpContext.Current.Session.

It's because GetData has been called from different thread so HttpContext.Current is null and HttpContext.Current.Session will throw null reference exception, but Page.Session will still be attached with page object so page method GetData can access the Page.Session.