Today’s gotcha: Beware of Response.End()

For various reasons related to a SSO scenario I have a custom handler which the client calls when loading a page. The handler was basically three lines of code. This post is about the third line. Which is no longer in there.

Page loading time: 115 seconds

So the client hits my handler and receives a redirect script after which it nicely requests the page redirected to. Then it yawns for almost two minutes before the page loads. Subsequent requests are nice and quick. What is going on?

The application and page lifecycle

Something every ASP.NET developer should know is the Page lifecycle. But it is also useful to know something about the Application lifecycle.

I could quickly determine that the delay didn’t occur in the Page handler because not even Page_PreInit got hit until just before the request returned. Digging into the application events i started making handlers for nearly every one in my Global.asax.cs file. A lot of breakpoints later it was clear where the application stopped.

Session state locks

The application passed Application_PostMapRequestHandler but was then delayed before entering Application_AcquireRequestState. Then it dawned on me: The session state was locked! ASP.NET locks the session state, basically blocking parallell requests in the same session to prevent race conditions between a client’s requests. A request was apparently not releasing this lock.

The culprit

For some reason I had put a call to the HttpResponse.End() method in my custom handler. I never did it before, I just wanted this handler to return its short script line as quickly as possible. Somewhere I had probably seen the use of Response.End() and just threw it in there. Big mistake. Apparently this prevents the application from releasing the lock on the session state.