Why are there two incompatible session state types in ASP.NET?

I see two means of working with session data in ASP.NET MVC:

• System.Web.SessionState.HttpSessionState, available on HttpApplication
• System.Web.HttpSessionStateBase, available on Controller

Data stored in one seems to be available in the other.

Unfortunately the only common ancestor of these two types is System.Object, meaning that I can't create reusable utility code for the abstraction of either.

Why is the API this way? Is there an important difference between the two that I am missing?

In ASP.NET MVC abstractions over the classic HttpContext objects Request, Response, Session were introduced. They represent abstract classes and are exposed all over the MVC framework to hide the underlying context and simplify the unit testing because abstract classes can be mocked.

For example for the session object you have HttpSessionStateBase and its implementation HttpSessionStateWrapper.

Here's an example of how to convert between the classic ASP.NET session and the abstraction:

HttpSessionStateBase session = new HttpSessionStateWrapper(HttpContext.Current.Session);

So the System.Web.SessionState.HttpSessionState which you are referring to is the underlying session object which existed ever since classic ASP.NET 1.0. In MVC this object is wrapped into a HttpSessionStateWrapper. But since ASP.NET MVC is an ASP.NET application you still get the Global.asax in which you have the bare session.