C++ / C#

HttpContext.Current.Session?

Hello. Not so long ago I ran into an incomprehensible problem on the site - there is an asp.net mvc project, there is a single-tone SiteUser class through which all work with services is carried out.
upon successful authorization, the current user is stored in the session collection:

1. static readonly string sessionKey = "SiteUser";
   
2.  
   
3. public static SiteUser Create()  
   
4. {  
   
5.     SiteUser.Current = new SiteUser();  
   
6.  
   
7.     return SiteUser.Current;
   
8. }  
   
9.  
   
10. public static SiteUser Current  
    
11. {  
    
12.     get  
    
13.     {  
    
14.         if (HttpContext.Current.Session == null || HttpContext.Current.Session[sessionKey] == null)  
    
15.         {  
    
16.             throw new SiteUserAutorizationExeption();  
    
17.         }
    
18.  
    
19.         return HttpContext.Current.Session[sessionKey] as SiteUser;  
    
20.     }
    
21.     set
    
22.     {
    
23.         if (!HttpContext.Current.Session == null)
    
24.         {
    
25.             HttpContext.Current.Session[sessionKey] = value;
    
26.         }
    
27.     }  
    
28. }
    

Everything works, but sometimes (sic!) an exception is triggered by the second condition, i.e.

1. HttpContext.Current.Session[sessionKey] == null
   

- while the session is active, the FormsAuthenticationTicket has not expired.
Adding to the puzzle is the fact that session collections also contain, for example, culture settings that are not reset. It is clear that nowhere in the code is there a forced zeroing of Session[sessionKey].
Perhaps someone came across, tell me what you can try / see / fix?
ps session settings in web.config:

1. <sessionState mode="InProc" timeout="20" />
   

update:
as suggested in the comments, at first I also thought that it was just the session dying, and tried to store the duration of the session and log the change in variables - but the SessionEnd did not show itself :-( and if it did, then by the timeout that is registered in the web.config
so... last night I downloaded the symbol tables of the .net framework sources, set breakpoints to change the collection in the depths of the HttpContext (SessionStateItemCollection) and waited, clicked ... but the bug did not appear anymore, I decided to set a timeout for a minute to see what happens with the session and the collection - the autopsy showed several things:
1) NULL accept all elements of the collection, just culture settings quickly and deftly return themselves back
2) zeroing occurs at the end of the session, which is obvious
in principle, now it is at least clear that not just one element of the session collection is deleted, but the entire session. but it's still not clear why she allows herself to behave this way, because 20 minutes are specified in web.config