ASP.NET_SessionId is missing

Question

I am losing the ASP.NET_SessionId when switching between pages on my site. The issue happens in Chrome/Firefox/Safari. It does not happen in IE. It is rather strange...here is my scenario.

My site can be accessed by entering www.example.org or example.org in browser (this is an important piece of info as you will see).

I enter example.org. From my home page, I log into to my site (note: I am not using ASP.NET forms authentication). I am sent to my default user page (e.g., userpage.aspx). From this page, I click on an <a> that sends me to a different page on my site. The <a> link is full-qualified (e.g., http://www.example.org/page2.aspx). When I get sent to the new page, my session is lost!

So, I ran Fiddler to try and discover the problem. What I found was interesting. The Request Header tag Referer was getting lost between pages.

Here are the steps:

1. Go to example.org.
2. Login to example.org.
3. I get redirected to userpage.aspx. The Referer is http://example.org. The ASP.NET_SessionId is set.
4. I click on the <a> (e.g., http://www.example.org/page2.aspx). After the page is rendered, the ASP.NET_SessionId is lost.

The lost ASP.NET_SessionId is lost consistently is Chrome/Firefox/Safari. This does not happen in IE.

If repeat the above steps by substituting example.org with www.example.org, the ASP.NET_SessionId is not lost. It works, correctly each time.

Any thoughts on this behavior?

Answer 1

Add this to your web.config under the <system.web> element

<httpCookies domain=".mysite.com" />

See if there is any change in behavior. It sounds as though sub-domains are failing although I thought the cookie was based at the root domain to begin with. this should force it that way.