I am implementing captcha on the first page of my web application ie. on the login page. The captcha value is set in the generic handler which needs to be accessed in login.aspx page for verification.

The captcha was working perfectly fine until I added a code to reset session ID every time user comes to the login page. I have this in my page load even of login.aspx:

private void Page_Load(object sender, System.EventArgs e)
{
  if(!IsPostBack)
  {
     Session.Abandon();
     Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
  }
}

I tried with this code also to get new sessionId:

private void Page_Load(object sender, System.EventArgs e)
{
  if(!IsPostBack)
  {
      SessionIDManager manager = new SessionIDManager();
      string newID = manager.CreateSessionID(Context);
      bool redirected = false;
      bool isAdded = false;
      manager.SaveSessionID(Context, newID, out redirected, out isAdded);
  }
}

As I am resetting the sessionId I am unable to fetch session parameter saved in Handler in login.aspx. NO Idea why, as I am resetting session in page load and then control goes to the handler where session parameter is set, then on login click I would like to verify the Session parameter set in Handler with the typed-in value. But somehow I am not getting to access the session parameter. I am getting error "Object reference not set to an instance of an object".

I need to reset my SessionId as the auditing company has asked me to do so. Any suggestion on how I can achieve both things: Resetting SessionID and using Captcha?

Make sure that the session reset code is only called when you first load the page and not on the postback when the login button is clicked. The Page_Load should look something like this:

private void Page_Load(object sender, System.EventArgs e)
{
  if(!IsPostBack)
  {
    Session.Abandon();
    Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
  }
}