I have written a custom owin middleware for two factor authentication, but sometimes it happens HttpContext.Current.Session throws an exception of object reference is not set to an instance of an object, when it checks for new session.
I checked HttpContext.Current is null, it always works on Chrome, sometimes in IE, but not on Mozilla
You can refer the following link-http://vegetarianprogrammer.blogspot.in/2012/12/understanding-synchronizationcontext-in.html
You can add the following key in your config.
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />