Many of my url's on my site www.mysite.com/Display.aspx?ID=128
gets displayed to users as
www.mysite.com/Display.aspx?ID=128&AspxAutoDetectCookieSupport=1
How can I remove AspxAutoDetectCookieSupport.
I understand it has to do something with cookie in web.config, but where? And what would be the implications if I remove that. How to remove?
To remove this, change the cookieless property of sessionState in your web.config to false.
e.g.
<sessionState mode="InProc" cookieless="false" timeout="20" />
When cookieless is set to autodetect, the framework generates the AspxAutoDetectCookieSupport querystring to determine if the client has cookie support. If the client does not have cookies enabled, ASP.Net will store the users Session Id directly in the URL.
An application using ASP.Net cookieless session support http://i.msdn.microsoft.com/Aa479314.cookieless01(en-us,MSDN.10).gif
An application using ASP.Net cookieless session support
This potentially opens up your application to session hijacking and might be considered a risk. A better option may be to disable this feature and alert your users that they will need to have cookies enabled to use your application.
For more a more detailed look at this, read Cookieless ASP.Net by Dino Esposito on MSDN.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With