How to remove AspxAutoDetectCookieSupport

Question

Many of my url's on my site www.mysite.com/Display.aspx?ID=128

gets displayed to users as

www.mysite.com/Display.aspx?ID=128&AspxAutoDetectCookieSupport=1

How can I remove AspxAutoDetectCookieSupport.

I understand it has to do something with cookie in web.config, but where? And what would be the implications if I remove that. How to remove?

Answer 1

To remove this, change the cookieless property of sessionState in your web.config to false.

e.g.

<sessionState mode="InProc" cookieless="false" timeout="20" />

When cookieless is set to autodetect, the framework generates the AspxAutoDetectCookieSupport querystring to determine if the client has cookie support. If the client does not have cookies enabled, ASP.Net will store the users Session Id directly in the URL.

An application using ASP.Net cookieless session support http://i.msdn.microsoft.com/Aa479314.cookieless01(en-us,MSDN.10).gif

An application using ASP.Net cookieless session support

This potentially opens up your application to session hijacking and might be considered a risk. A better option may be to disable this feature and alert your users that they will need to have cookies enabled to use your application.

For more a more detailed look at this, read Cookieless ASP.Net by Dino Esposito on MSDN.