Unable to serialize the session state

Sep 9, 2009 at 2:25 PM

Hi,

I'm trying to urgently get a demo of this working for a client but am running into the following error:

Unable to serialize the session state. In 'StateServer' and 'SQLServer' mode, ASP.NET will serialize the session state objects, and as a result non-serializable objects or MarshalByRef objects are not permitted. The same restriction applies if similar serialization is done by the custom session state store in 'Custom' mode.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: Unable to serialize the session state. In 'StateServer' and 'SQLServer' mode, ASP.NET will serialize the session state objects, and as a result non-serializable objects or MarshalByRef objects are not permitted. The same restriction applies if similar serialization is done by the custom session state store in 'Custom' mode.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


Stack Trace:

[SerializationException: Type 'DotNetOpenAuth.OAuth.WebConsumer' in Assembly 'DotNetOpenAuth, Version=3.2.0.9177, Culture=neutral, PublicKeyToken=2780ccd10d57b246' is not marked as serializable.]
   System.Runtime.Serialization.FormatterServices.InternalGetSerializableMembers(RuntimeType type) +7731563
   System.Runtime.Serialization.FormatterServices.GetSerializableMembers(Type type, StreamingContext context) +258
   System.Runtime.Serialization.Formatters.Binary.WriteObjectInfo.InitMemberInfo() +111
   System.Runtime.Serialization.Formatters.Binary.WriteObjectInfo.InitSerialize(Object obj, ISurrogateSelector surrogateSelector, StreamingContext context, SerObjectInfoInit serObjectInfoInit, IFormatterConverter converter, ObjectWriter objectWriter) +161
   System.Runtime.Serialization.Formatters.Binary.WriteObjectInfo.Serialize(Object obj, ISurrogateSelector surrogateSelector, StreamingContext context, SerObjectInfoInit serObjectInfoInit, IFormatterConverter converter, ObjectWriter objectWriter) +51
   System.Runtime.Serialization.Formatters.Binary.ObjectWriter.Write(WriteObjectInfo objectInfo, NameInfo memberNameInfo, NameInfo typeNameInfo) +7629636
   System.Runtime.Serialization.Formatters.Binary.ObjectWriter.Serialize(Object graph, Header[] inHeaders, __BinaryWriter serWriter, Boolean fCheck) +461
   System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph, Header[] headers, Boolean fCheck) +134
   System.Web.Util.AltSerialization.WriteValueToStream(Object value, BinaryWriter writer) +1577

[HttpException (0x80004005): Unable to serialize the session state. In 'StateServer' and 'SQLServer' mode, ASP.NET will serialize the session state objects, and as a result non-serializable objects or MarshalByRef objects are not permitted. The same restriction applies if similar serialization is done by the custom session state store in 'Custom' mode.]
   System.Web.Util.AltSerialization.WriteValueToStream(Object value, BinaryWriter writer) +1662
   System.Web.SessionState.SessionStateItemCollection.WriteValueToStreamWithAssert(Object value, BinaryWriter writer) +34
   System.Web.SessionState.SessionStateItemCollection.Serialize(BinaryWriter writer) +606
   System.Web.SessionState.SessionStateUtility.Serialize(SessionStateStoreData item, Stream stream) +239
   System.Web.SessionState.SessionStateUtility.SerializeStoreData(SessionStateStoreData item, Int32 initialStreamSize, Byte[]& buf, Int32& length) +72
   System.Web.SessionState.OutOfProcSessionStateStore.SetAndReleaseItemExclusive(HttpContext context, String id, SessionStateStoreData item, Object lockId, Boolean newItem) +87
   System.Web.SessionState.SessionStateModule.OnReleaseState(Object source, EventArgs eventArgs) +560
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75


The WebConsumer class in dotnetopenauth isn't marked as serializable, so when InMemoryTokenManager tries to store this in session it throws this error.

I've downloaded the source for dotnetopenauth and tried altering the WebConsumer class but am now running into issues with the signing of the assembly that frankly I don't understand.

Does anyone have an alternative to InMemoryTokenManager I could use that doesn't use session state?

Sep 9, 2009 at 3:45 PM

Think I've fixed it. The sessionState mode in the web.config was set to "StateServer" in the solution I downloaded. I changed this to "InProc" and it now seems to be working.

Sep 10, 2009 at 2:32 PM

WebConsumer is intentionally unserializable.  And InMemoryTokenManager doesn't have a reference to WebConsumer (at least not out of the box), so that isn't what's causing this problem.  In fact, InMemoryTokenManager is stored in application state, not session state.  

Somewhere else the WebConsumer is getting tucked into session state, which is really bad.  Your workaround sounds reasonable for purposes of a demo, however.

Sep 10, 2009 at 2:40 PM

I see that the sample web site includes this snippet:

 

        // can even add a TwitterContext, which is serializable
        // to session, if it makes sense for your requirements
        Session["TwitterContext"] = twitterCtx;

        // can even add a TwitterContext, which is serializable

        // to session, if it makes sense for your requirements

        Session["TwitterContext"] = twitterCtx;

This should be removed.  For OAuth Twitter, this is not a good idea.

Sep 10, 2009 at 2:41 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Sep 10, 2009 at 2:45 PM

Thanks for your feedback. I've commented out the offending code.