UPDATE (2014-06-12): Starting from log4net 1.2.11 you can use %aspnet-request{ASP.NET_SessionId} in conversion pattern for this purpose.

References: https://issues.apache.org/jira/browse/LOG4NET-87 http://logging.apache.org/log4net/release/sdk/log4net.Layout.PatternLayout.html

You should create Application_PostAcquireRequestState handler in Global.asax.cs (it is called in every request):

protected void Application_PostAcquireRequestState(object sender, EventArgs e)
{
    log4net.ThreadContext.Properties["SessionID"] = Session.SessionID;
}

And add [%property{SessionID}] to conversionPattern.

You can try:

<conversionPattern
    value="%date %-5level %logger ${COMPUTERNAME} [%property{SessionID}] - %message%newline" />

...in your Web.config, and in Global.asax.cs:

protected void Session_Start(object sender, EventArgs e)
{
    log4net.ThreadContext.Properties["SessionID"] = Session.SessionID;
    log4net.Config.XmlConfigurator.Configure();
}

Alexander K. is nearly correct. The only problem with it is that the PostAcquireRequestState event also occurs for static requests. A call to Session in this situation will cause a HttpException.

Therefore the correct solution becomes:

protected void Application_PostAcquireRequestState(object sender, EventArgs e)
{
    if (Context.Handler is IRequiresSessionState)
    {
        log4net.ThreadContext.Properties["SessionId"] = Session.SessionID;
    }
}

Someone corrects me if I am wrong, but one ASP.NET thread can handle multiple sessions, so you can not use Session_Start as it is called once when the session starts. What it means is that as soon as a different user accesss the web site, your log4net.ThreadContext might be overwritten by the new user information.

You can either put the below code in Application_AcquireRequestState, or create a HttpModule and do that in AcquireRequestState method. AcquireRequestState is called when ASP.NET runtime is ready to acquire the Session state of the current HTTP request. If you interested in getting username, you can do that in AuthenticateRequest which is raised when ASP.NET runtime is ready to authenticate the identity of the user (and before the AcquireRequestState).

    private void AcquireRequestState(Object source, EventArgs e)
    {
        HttpApplication application = (HttpApplication)source;
        HttpContext context = application.Context;
        log4net.ThreadContext.Properties["SessionId"] = context.Session.SessionID;
     }

After that you can set up your log4net.config (or in web.config) like this.

<appender name="rollingFile"
      type="log4net.Appender.RollingFileAppender,log4net" >
  <param name="AppendToFile" value="false" />
  <param name="RollingStyle" value="Date" />
  <param name="DatePattern" value="yyyy.MM.dd" />
  <param name="StaticLogFileName" value="true" />

  <param name="File" value="log.txt" />
  <layout type="log4net.Layout.PatternLayout,log4net">
    <param name="ConversionPattern"
      value="%property{SessionId} %d [%t] %-5p %c - %m%n" />
  </layout>
</appender>

Hope this helps!

I was looking answer for this too and found out that %aspnet-request{ASP.NET_SessionId} works fine for me.