Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.NET_SessionId is missing

Tags:

asp.net

iis-7

I am losing the ASP.NET_SessionId when switching between pages on my site. The issue happens in Chrome/Firefox/Safari. It does not happen in IE. It is rather strange...here is my scenario.

My site can be accessed by entering www.example.org or example.org in browser (this is an important piece of info as you will see).

I enter example.org. From my home page, I log into to my site (note: I am not using ASP.NET forms authentication). I am sent to my default user page (e.g., userpage.aspx). From this page, I click on an <a> that sends me to a different page on my site. The <a> link is full-qualified (e.g., http://www.example.org/page2.aspx). When I get sent to the new page, my session is lost!

So, I ran Fiddler to try and discover the problem. What I found was interesting. The Request Header tag Referer was getting lost between pages.

Here are the steps:

  1. Go to example.org.
  2. Login to example.org.
  3. I get redirected to userpage.aspx. The Referer is http://example.org. The ASP.NET_SessionId is set.
  4. I click on the <a> (e.g., http://www.example.org/page2.aspx). After the page is rendered, the ASP.NET_SessionId is lost.

The lost ASP.NET_SessionId is lost consistently is Chrome/Firefox/Safari. This does not happen in IE.

If repeat the above steps by substituting example.org with www.example.org, the ASP.NET_SessionId is not lost. It works, correctly each time.

Any thoughts on this behavior?

like image 352
Steve Avatar asked Apr 04 '12 14:04

Steve


People also ask

What is ASP Net_SessionId?

Net_SessionId is a cookie which is used to identify the users session on the server. The session being an area on the server which can be used to store data in between http requests. For example, the controller action may perform: Session["FirstName"] = model.

What is ASP.NET ApplicationCookie?

AspNet. ApplicationCookie basically is created when you use cookie authentication in your application. This cookie is created by the server on user request and is stored by the browser. AspNet. ApplicationCookie gets sent with each subsequent request to inform the server the identity of the logged in user.

What is Cookieless SessionID explain in brief?

cookieless means that the sessionId is munged into the url for each request as opposed to setting a cookie on the browser.


1 Answers

Add this to your web.config under the <system.web> element

<httpCookies domain=".mysite.com" />

See if there is any change in behavior. It sounds as though sub-domains are failing although I thought the cookie was based at the root domain to begin with. this should force it that way.

like image 105
Adam Tuliper Avatar answered Sep 30 '22 14:09

Adam Tuliper