State Management :: Redirect Causing A Loss Of Session Cookie?
May 17, 2010
We have a web app running .net 1.1 that users must login to access (uses FormsAuthentication). At one point, the user submits a form that is handled by a separate web app on the same website but in a different directory (running .net 2.0 and not requiring authentication). When the user submits the form and is redirected to this other page they have some options including returning to the previous web app.
We need our users to stay logged in to the first web app so they do not have to log in again when returning. This works fine on 3 out of four computers, but the fourth computer is asked to log in when they hit the return button (by reviewing the active cookies we see that when it returns to the original web app, the FormsAuthentication cookie is missing)
why this cookie would disappear on one machine but not the others? I am going through IE settings now but the machine has the problem in IE and Chrome (not sure if this would be a shared setting) If it is an IE setting is there a way to make this work without requiring the user to change their settings and without switching to cookieless sessions?
Here is the authentication part of web.config
[Code]....
And if it makes a difference, the redirect and form action property use a the full path, would using a relative path likely change anything?
I'm still debugging my application so it's on the local server. As I debug and stop then debug again, eventually lblNoOfUsers.text turns to "0" instead of "1", even as I'm navigating my application. It only turns to "1" again if I log out and sign back in. It's almost as though Membership.GetNumberOfUsersOnline my login are referencing two different session states. How is this possible? Does asp.net create a new session state cookie each time I start debugging?
I need to make my asp.net session cookie as secure but whenever i check user authentication and after that i am trying to set cookie to true then my session lost my user information and so it always redirect login page. I am settings user to HttpContext.Current.Session["user"] and check every time, is user is valid and if valid then move ahead. but before that i make my asp.net session cookie as true.
[Code]....
but after that i observe that somehow "Session_Start" event gets called.
We have a local homepage, which connect to our production security environment. When I need to test my site in test environment, I need to get fresh cookie (not the one that was sent to me via production security service, when I opened IE with local homepage).
I am getting fresh cookie fine in Mozilla; but in IE I always have production cookie, and this disables my testing. What I should fix here?
I've noticed that once I've instantiated 3-4 objects now, my ASPX page is running slower. The response from the server (which is my own PC) is taking longer.
With one or two objects, the performance is same. After I instantiate 3, it slows a little, and 4 just completely wears it down.
I've read this article: [URL]
that says to avoid using session variables especially storing objects into them. Well thats exactly what I'm doing. My object has about 10 methods(~30 lines of code each) and 20 fields.
My question is, if I want to persist object in memory for each user session, how else could I store them on each postback if not in the session variable>? I can't use application variable because thats shared and not thread safe.
I would like to change ASP.NET session cookie name "ASP.NET_Sessionid" to some other name. I specified <sessionState cookieName="MyCookieName" />. When I use fiddler to view response header, I can see "MyCookieName" with random generated number under cookie section, however, ASP.NET_SessionId also exist there.
I have a website for a simple game. When people sign in their Player ID is stored in a Session variable. I have integrated SMS payments so that my players can buy credits to use to play. This is where the problems start:
To buy credits, players are presented with an .aspx page that holds an IFRAME of the SMS payment proviers form. A code is entered, and the IFRAME POSTS to a URL on the providers server. It is then redirected back to an URL on my server(www.XXX.com/process.aspx), where I handle the results (i.e adds credits to th players account if the payment was successfull).
However, the session dies on return.
I tried with cookies, and saves the player ID in a cookie, but when upon return to www.XXX.com/process.aspx I cannot read the cookie? I'm checking for if (cookie == null) and it evaluates to TRUE, so the player is redirected to an error page.
How come the cookie cant be read? Is it because the POST is coming from an outside URL? And, what about when I do it with a session variable? Same thing there?
If I have two "webroles" (azure), that are NOT using a shared custom state provider, is the "Session.SessionID" be the same in both?It would make sense ,considering that both get the same cookie (because are in the same domain) and have the same machineKey, but I'm not sure
I have an ASP.NET web site that responds with multiple skins depending on the domain that it is accessed via.
The problem is that authentication and some other features seem to suffer random glitches where the user is sent back to the log in screen, or other session controlled values appear to have been lost - but only when accessed via one of the domains. The other domain does not suffer the same issue.
On our test system, the issues DOES NOT exist when accessing via any domain. On live, the issue will happen at varying times during the session, even with identical steps followed. It is for these reasons that I don't think it is a bug in the application software.
On the live system, where the issue is, two websites are set up in IIS, each with bindings to the required domain. One accesses the site through a virtual directory at http://mysite.com/myvirtualdir, the other accesses the site at the root path at [URL]. I don't think that the virtual directory is the issue however.
Is there anyway I can simulate the loss of the InProc session state? I am trying to see how my app handles if such a thing happens. Can this be done from IIS Manager?
(i) I have a simple application where I am getting data from a textbox and storing it in a cookie. I noticed that unless I set the Autopostback value of the textbox to TRUE, nothing is stored. Does anyone know why this is the case?
In certain pages when i try to rediect to a perticular page the Session automaically gets assigned to null, have no idea why is this happening.-No where I'm using Session.Remove or Session.RemoveAll.-Also not even using EnableSessionState="true" or "false" as by default it will always be true, I know...
I have an issue of losing an InProc session variable when I call Response.redirect. I have seen a number of posts related to this, but haven't found a solution. My code is essentially:
When I try to read Session("MyVariable") on the NewUrl.aspx page, it doesn't exists.
What's odd is that this doesn't typically happen in my local environemnt, but hapens quite often, if not all the time, on the shared server this application resides on. I saw some info about web farms and load balancing which could cause an issue. I am fairly certain this app is not part of a web farm.
A little background, in case there is a better method than using Session State...
I have created the ability for an administrator of this applicationto log in as any other user using a "Skeleton Key" password. When the admin does this, I store a boolean in session which refers to the fact that they are logged in and "Impersonating' another user. This gives the admin additional access that the user would not normally have. Anyhow, that is why I store a sessoin variable.
I am creating web application. In that I want to set session timeout (not idle timeout). If a user logged in that time the session time will start and it automatically should detect session timeout the page should redirect to another page. How can I acheive this.
is it possible to create a new Session Id using C# and without using a Response.Redirect(...Page ... ). I want to create a new session Id on page load.
Reasons for doing so:
I have a testing application that creates IFrames to act as users. the problem I have is that with Multiple Instances (or Multiple IFrames running the same application "Default.aspx") all IFrame's are using the Same Session ID. I have variables stored in the Session ID that I need to be seperated from IFrame to IFrame. Ex:
IFrame 1 gets passed a query string of a client ID "1" IFrame 2 gets passed a query string of client ID "2"
WHen the IFrame 2 gets loaded the session state of IFrame 1 inherits the IFrame 2's session's making the Client ID in Session 1 = "2". See what I am getting at?
I want to be able to have each IFrame create its own Session State. I guess there is 2 questions to this, 1.) is it possible to create a new Session State by abandoning the original and by doing so will that abandon both session ID's and just create an ID for both IFrames being the same ID? 2.) How can I do this if it is possible :-)
I'm using sessions to track user name. I assign Session["userName"] in my login procedure. The sessionn gets timeout in about 15 minutes. What I need to do is, if the session timeouts I need to redirect the page to the Default.aspx page.
How can I do this? Any code example would be great.
This is weird. In my newly developed chat application, when I invoke Response.Redirect, I am losing my session data. What is particualrly odd is that this sometimes seems to occur after a slight delay, so I reach the page, and then the session info gets lost momentarily thereafter. Mostly though it seems to get lost immediately. I have of course googled this issue, but yet to find anything that speaks to my problem. SessionState is in InProc mode. Session state has been working fine for me until this unexpected problem, so everything is configured right. So far the only workaround I can think of is to use a link instead of a button, and use javascript to call a server-side function on onclick to do the work I need to do before the link gets invoked. Messy, and I'd rather not go that way unless there's no alternative.
Just to preempt one red herring, I do use Response.Redirect(<address>, false).
The problem occurs both on the testing and production servers. I'm running ASP.NET 3.5 on IIS7.
I am busy building a shopping cart with cookies. I have datalist which I populate from the cookies with a delete button next to each cookie
[Code]....
Now the problem is that when I hit the delete / remove button to expire the cookie, what happens when repopulating the datalist is that it shows the original cookie with all it's values as well as a new entry where all the values are blank.
I have one website in which there is one page along with one ascx as registered into it. In the ascx where user can add some order details and click on "Make Payment" button, then there are following 2 cases...Case I: If user was not logged in, then a modal popup will open which has login ascx with 2 buttons Register & Login. In this case user either Login or Register and continue with "Make Payment".
I want to change the value in a cookie: HttpCookie hc = new HttpCookie("HiddenColumns"); hc.Value = customView.HiddenFields; hc.Expires = DateTime.Now.AddDays(365); Response.SetCookie(hc);
Seem that , i can't get value cookie,although my variable on page which inside TestCookie folder I try get cookie other pages which outside TestCookie folder ! Result is like before attempts.
