Last night while I was frantically getting the training registration system running I ran into an issue that I had never come across before.  This website has a simple shopping cart that relies on session state variables to maintain the cart content.

All was working fine in the development environment (VS2008 Casinni, Windows 7 IIS7) and I was happy with how it was working.  So I decided to deploy to my live server.  All looked good until I tired to view the cart. BAM!!!  big YSOD.

Session state can only be used when enableSessionState is set to true,
either in a configuration file or in the Page directive. Please also
make sure that System.Web.SessionStateModule or a custom session state
module is included in the <configuration>\<system.web>\<httpModules>
section in the application configuration.

I went and checked the web config and everything looked in order.  I had the necessary attributes on the <pages> tag of enableSessionState="true" etc but still no luck.   After trawling the internet for about 2 hours and trying many different suggestions my web.config was starting to look nasty and then I stumbled across an old blog entry on the Umbraco site that discussed migrating to ASP.NET 3.5 and II7

Apparently my issue is to do with extensionless URLs and IIS 7.  For some reason with extensionless URLs the Session State does not get initialized.  To ensure that the Session State is initialized everytime you need to add runAllManagedModulesForAllRequests="True" to the modules tag in the system.webServer section of the web.config II7.  it should look like this.

<modules runAllManagedModulesForAllRequests="True">

And voila!  Session State works again.