Random "Accessing expired session" warning

[ghost]

Hi, I have an application without Authentication.
All the user data is passed by an external portal via http headers on the first request, and I store it in Session.
I have configured the DistributedCache and Session services this way:
services.AddDistributedMemoryCache();
services.AddSession(o => o.IdleTimeout = TimeSpan.FromMinutes(20));
During navigation, the application sometimes loses the session way before the IdleTimeout, and checking the log I can see the “Accessing expired session” warning.
The problem is that it does not happen all the time, it’s totally random. The issue may happen once after 10 correct responses, or it may fail 10 times before succeeding.
It happens only after an Ajax call that returns a big amount of data (JSON format) that is rendered inside a Kendo UI Grid, but the Ajax call is always processed correctly, so there is no way for me to understand if during the next request I will get the "Accessing expired session" warning or not.
It looks like I'm missing a piece of configuration, but no matter what i adjust I still get the same warning with the same random frequency.

[Tratcher]

There are some known issues with MemoryCache (and DistributedMemoryCache) over-eagerly removing items due to perceived memory load. See CompactOnMemoryPressure: https://github.com/aspnet/Caching/blob/d417a71d7be76a629336227f3bb75d46bc6cf9a3/src/Microsoft.Extensions.Caching.Memory/MemoryCacheOptions.cs#L21

This has been redesigned for 2.0 RTM

[ghost]

Thank you for the information.

In the meantime we may have found a workaround for v1.1.2.
When having the services declared in this order we constantly lose the session:
services.AddMvc();
services.AddDistributedMemoryCache();
services.AddSession(o => o.IdleTimeout = TimeSpan.FromMinutes(20);

As soon as we invert the lines the problem disappears:
services.AddDistributedMemoryCache();
services.AddSession(o => o.IdleTimeout = TimeSpan.FromMinutes(20);
services.AddMvc();

This workaround is actually working, we have tried inverting multiple times the lines of code on multiple PCs and whenever we add Mvc after MemoryCache and Session we are never been able to get the "Accessing expired session" warning.

I thought only the Configure method needed to have each IApplicationBuilder defined in order, while adding IServiceCollection in the ConfigureServices method did not have that requirement.
Am I wrong? Does this make sense to you?

[Tratcher]

Service registration order can matter if multiple things try to register the same service differently. These differences may explain what you're seeing:
https://github.com/aspnet/Mvc/blob/rel/1.1.3/src/Microsoft.AspNetCore.Mvc.TagHelpers/DependencyInjection/TagHelperExtensions.cs#L34-L35
https://github.com/aspnet/Caching/blob/rel/1.1.2/src/Microsoft.Extensions.Caching.Memory/MemoryCacheServiceCollectionExtensions.cs#L83

The MVC registration uses a shared MemoryCache and shared MemoryCacheOptions. The Caching one uses an isolated MemoryCache and options. Sharing the cache may be worse for you if something else is putting a lot of load on it.

[ghost]

Thank you @Tratcher for your clarification!