IIS7 Session loses its values

[bwe45]

I've implemented a challenge-response scheme as an Ajax handler.For some reason it stopped working after working fine for a couple months.Investigating the issue showed that \[code\]Context.Session[KEY]\[/code\] had lost its value between the challenge and the response calls.I put \[code\]Session_Start\[/code\] and \[code\]Session_End\[/code\] (and a few other) methods in Global.asax.cs with some logging there and I see a new Session_Start event being fired with the same session ID and there was no Session_End eventQuestion is: why does IIS lose the session values?Pseudo code for Login.ashx:\[code\]string login = GetParameter("login", context);string passhash = GetParameter("pass", context);string challenge = "" + Context.Session["CHALLENGE"];if (!string.IsNullOrEmpty(challenge)){ // this is the 'response' part string challengeResponse = Crypto.GetChallengeResponse(Challenge, UserFromDB.PassHash); if (challengeResponse == passhash) { // Great success, challenge matches the response Log.I("Success"); return "SUCCESS"; } else { Log.W("Failed to respond"); return "FAILED TO RESPOND"; }}else{ // if passed login or session-stored challenge are empty - issue a new challenge challenge = "Challenge: "+ Crypto.GetRandomToken(); Context.Session["CHALLENGE"] = challenge; Log.I("Sent Challenge"); // this is what's in the log below return challenge;}\[/code\]Here's the log, Session started appears with each call, Session.Keys.Count stays 0 even though Session["CHALLENGE"] should have been set:\[code\]// This is the challenge request:[] **Session started**: sr4m4o11tckwc21kjryxp22i Keys: 0 AppDomain: /LM/W3SVC/1/ROOT-4-130081332618313933 #44 [] Processing: <sv> **MYWEBSITE/ajax/Login.ashx** SID=sr4m4o11tckwc21kjryxp22i [] Sent Challenge @Login.ashx.cs-80 // this is the response, note that there's another Session started with the same key// and the session didn't keep[] **Session started**: sr4m4o11tckwc21kjryxp22i Keys: 0 AppDomain: /LM/W3SVC/1/ROOT-4-130081332625333945 #93 [] Processing: <sv> **MYWEBSITE/ajax/Login.ashx?login=MYLOGIN&pass=RuhQr1vjKg_CDFw3JoSYTsiW0V0L9K6k6==**[] Sent Challenge @Login.ashx.cs-80 >Session: sr4m4o11tckwc21kjryxp22i \[/code\]