Is there some method in asp.net for getting an absolute url with cookieless session? UPDATE: I need create other new URL. It is not requested URL. I´m using Response.ApplyAppPathModifier for getting relative URL with cookie session.
View 2 RepliesIs it possible to use mixed cookieless sessions with cookie sessions? I've an application that captured user details and then redirect for payment to an ssl page. I was wondering if this is possible? [URL] redirects to [URL] Note: the session Id in the latter url. So in essence, we use the standard cookie session for the majority of the application but when we transfer to an ssl page we pass the SessionId to the https url to pick up the session. I've tried this locally but it starts a new session.
View 1 RepliesI want to know how its work and it advantage and disadvantege
View 2 RepliesHow do you generate a URL for that uses cookieless sessions?
Neither Request.RawURL or Request.URL has the rewritten version that includes the sessionid.
I have an uploadify control working fine in a vb.net web application - however whenever I switch on cookieless session state in web.config (cookieless="true") - it stops working.
In my upload IHttpHandler I can see that the data stored by uploadify is nothing:
Private Function Process(ByVal context As HttpContext) As String
Dim File As HttpPostedFile
File = context.Request.Files("filedata") ' Nothing
Dim FileExt As String = context.Request("fileExt") ' Nothing, etc
...
I have several ASP.NET sites, hosted on the same domain (different subdomains) and working via HTTPS. I have WCF service, hosted on the same domain. I have a separate state server for sessions.
All sites use cookieless session (if someone asks why - i will reply later, but it's a 'must')
On my sites, I use grid components from Telerik (but actually it does not matter) that ask for data from WCF service and must be filled with this data.
The problems are:
1) I cannot manage to make POST request to WCF service from javascript: for some reason it's always either GET or OPTIONS (no matter if I use Sys.Net.WebServiceProxy invoke or just a plain jquery AJAX request). It happens even if I indicate COOKIE mode, not cookieless. Maybe because of this I am getting "405 Method not allowed" error - WCF is set for POST request, but the site sends GET...
2) I cannot manage to retrieve SESSION from my websites! I tried approach, that I found, but WCF always uses OWN session, instead of 'connecting' to existing ASP.NET session, despite on ASP.NET compatibility mode. I need SESSION to exchange data between my sites and WCF service
3) I don't have idea currently, how to manage security when exchanging data between mentioned ones, in the light of above-mentioned problems...
4) I don't know exactly, how web.config for WCF service should look like in my case, because I've seen tons of different variants, but all for some simple cases.
Would be really appreciated for the help! I'm stuck for 2 or 3 weeks already, far behind the plan, but nothing still works... I can see there are some pieces of info about similar problems, but I'm afraid to miss some small thing - in web.config or method attribute or IIS setting, etc - and f... up everything.
In ASP.NET, I'm a bit confused about role of cookies in session state. Whats is the difference between normal session state and cookieless session state?
View 5 RepliesWhen Session attribute Cookieless ="True" the page.Ispostback is always false.Cant understand the reason behind it.
And one more thing what is happening when we click Remember Me option in login control.As per my knowledge it is storing authentication cookie in it. If we can add data to authentication cookie then why we need session...we can add session data in that.. and authentication token is also regenerated for every new request like sessions.....i got confused after browsing for few hours.
Which one is more secure using cookies or URL for authentication and session.
For a project (ASP.NET MVC 2 web application) we needed to use cookieless sessions. Furthermore, we use the ASP.NET State service, because the application is hosted on 21 web servers and we need to be able to share the session state. So the default InProc setting is not an option. Actually we enabled the ASP.NET State service on all of the web servers. The application's configuration file contains a custom configuration section which contains a list of the state servers. For example:
[Code]....
We created a class which descends from the sessionIdManager class. Our session id manager uses the session id generated by the base class and prefixes it with two numbers (00, 01, 02...etc). This number represents the index of one of the state servers displayed in the above list. We pseudo-randomly pick one of the state servers in order to balance the load accross the servers. Then we implemented the
IPartitionResolver interface. Our resolver does the following:
Read our custom session idExtract the index which we appended (e.g. 01)Retrieve the information of the state server from the configuration file (192.168.0.102:42424) the state server information (IP & Port) is used to inform ASP.NET where the ASP.NET State server for this session is located. This setup works fine if we work with exactly one state server (e.g. development environment). It also works fine on our acceptance environment (2 state servers). But after we did a test by enabling 21 state servers and deploying the application on 21 web servers things went wrong. Sometimes the site would function correctly, but now and then we receive an 310 error. The browser informed us that the web page has resulted in too many redirects.
We created a new blank ASP.NET MVC site and implemented this custom session management and voila .... reproducable. Monitoring the traffic with Fiddler gave the following results:
A 302 status is returned containing the same location but a different session id: k heb met Fiddler de HTTP trafiek gemonitord en hetgeen ik tot hiertoe heb ontdekt, is dat er bij een request een status 302 wordt teruggeven met daarin dezelfde location maar andere sessionId.Voorbeeld
Response:HTTP/1.1 302 Found
Server: ASP.NET Development Server/10.0.0.0
Date: Thu, 23 Dec 2010 09:11:31 GMT
X-AspNet-Version: 4.0.30319
Location: /(S(17zprjcofc030gl3ph4lfqaklx))/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: Close
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/(S(17zprjcofc030gl3ph4lfqaklx))/">here</a>.</h2>
</body></html>
this redirect keeps happening, each time with a different session id until a session id is generated that points to the web server which is also handling the ASP.NET request. Then the page will be shown.
Request: /(S(00cq1vtfyxsvfwxx2lply2zlma))/
Response:
HTTP/1.1 302 Found
Server: ASP.NET Development Server/10.0.0.
Date: Thu, 23 Dec 2010 09:13:13 GMT
X-AspNet-Version: 4.0.30319
Location: /(S(00qbn3zut5mzek3fd4pq5pqt3a))/
Cache-Control: privat
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: Clos
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/(S(00qbn3zut5mzek3fd4pq5pqt3a))/">here</a>.</h2>
</body></html>
New request: /(S(00qbn3zut5mzek3fd4pq5pqt3a))
Response:
TTP/1.1 200 OK
Server: ASP.NET Development Server/10.0.0.
Date: Thu, 23 Dec 2010 09:13:13 GMT
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 2.
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1365
Connection: Close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "[URL]TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="[URL]">
<head><title>
Home Page
</title><link href="Content/Site.css" rel="stylesheet" type="text/css" /></head>
<body>
Thus the chance that a session id for the same server is created is smaller if more state servers are added to the list.
I put an HTMLEditor Control (aka Editor) into a webpage and set the forms authentication to cookielessLike so
<authentication mode="Forms">
how can i implement cookieless authentication in .net??
View 5 RepliesI have an MVC site that I've been developing and one of the requirements is cookieless sessions. When I use this code to start my forms. <% using (Html.BeginForm()) { %> I get the following output. <form action="/MyAccount/Home/Login" method="post"> if I use one of the overloads to specifiy the controller, action, route values, etc... <% using (Html.BeginForm("Login", "Home", new { ReturnUrl = Model.ReturnUrl }, FormMethod.Post)) { %>
I get the following output... <form action="/MyAccount/(S(npnaj4fn12x3ie45xzuyzjqn))/Home/Login" method="post"> I found this issue after I deployed it to our IIS 6 server. It works fine in the Visual Studio development web server.
I have a web page that using AutoComplete Asp.net Ajax Control.
It was working find when the Cookieless is not "True".
I have no idea my it is not working when I set cookieless to "true".
We are programming a new web application framework (Second WAF). I was wondering if we should support cookieless sessions or not. Who use it and who needs it?
View 2 RepliesI've been working on this problem for some time without success. We have this website that has been working for many years now and we have been using cookieless sessions since the begining. Now we are integrating with another site to handle payment throught redirection. This provider ask for two adresses for success or failure of a payment so we have something like [URL] and [URL]. For design purpose thoses two pages do not exists and I use an httpModule to route to the proper page. I use httpApplication.Context.RewritePath to send to the proper page but I can never find back the session my user had before redirecting to the payment provider.
If I change the session mecanism to use cookies (cookieless="false" or cookieless="UseUri") with a few other tweaks, everything works fine Does anybody know if this has a chance to work? Is there a way to re-attach to an existing session?
I am thinking about setting up a new domain to host static content on my website and have it cookieless just like Stackoverflow with their static domain. So before going ahead and buying the domain and setting it up I wanted to test it on my developement machine first under localhost (I have to mention that i am planning on having IIS running on my new domain for the static files). I therefore created a new application under IIS and disabled session state and forms authentication. When my main application needs resources like css, images and js , I use the path to the "static" application where they are hosted.
The problem is that when I look at the request and the response for the requested files, they still have the session_id cookie defined as well as the asp.net authentication cookie. Is it at all possible to accomplish what i am trying to do on a development machine or do i have to just go ahead and purchase the new domain which hopefully with make things right? I tried to read about cookieless domain but can't figure out what i might be missing.
im using visual studio 2008. my requirement is to implement single sign on across many domains without using cookies. is this possible? for example, i have 3 domains (hosted in 3 different systems). www.domain1.com www.domain2.com www.domain3.com and cookies are disabled. i implemented single sign on with cookies, if the sites are hosted in single system then it is working. but it doesnt work if cookies are disabled. i tried all made all possible google searches, but couldnt find anything useful.
View 5 RepliesI am addressing page /MyPage.aspx. If I address it on my development server, it's absolute address is: [URL]If I address it on my operational server, it's abosolute address is: [URL] In Visual Basic, how do I programmatically get the server bit, that is http:// or http://localhost?
View 5 RepliesI have an ASP .NET website that uses cookieless sessions When the initial request is made to the site IE just displays the standard "Internet Explorer cannot display the webpage" message Firefox displays the following message: The page isn't redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete. *This problem can sometimes be caused by disabling or refusing to accept cookies. The site works fine with my development server and under IIS6. If I switch off cookieless sessions then everything is fine
View 3 RepliesI have a logon/register control that is on several pages. Users are logged on with code: - FormsAuthentication.SetAuthCookie(Userid, False) Response.Redirect(Request.Url.AbsoluteUri) ' Round trip is necessary to complete logon
All this was working OK, except that there was a problem with Internet Explorer users: if their browser had the default privacy setting the authorization cookie was rejected. There was no message, but they were not logged on. See [URL] To try to solve this problem I changed to cookieless authentication, but now the logon control doesn't work. The problem is that after cookieless authentication the URL changes from
[URL]
However Request.Url.AbsoluteUri remains http://localhost:3641/TestGDB/login_pages/home2.aspx even after the logon, and so with cookieless authentication the user is not logged on as there is no authentication ticket in the redirect URL.
The problem is "solved" by changing the Redirect statement to Response.Redirect("~/login_pages/home2.aspx") which works perfectly for this particular page, but is obviously wrong when the control is on other pages.
How do I write "Response.Redirect(current page)"?
How can i identify just from the HttpContext Object that the HttpRequest coming to my application is from a cookieless application or cookieless browser?
View 2 RepliesI required for cookieless web app so that user cant save login-id and password in their browser. For this purpose i am usingÂ
<sessionState cookieLess="true"/>
in web config file. But if this reflects sessionid in page url. i dont want any  interference in url.
My site was working fine before I starting working on incorporating URL redirection/rewriting. I have tried to preface all the URLs for graphic images and navigate URLs with a tilde and a slash ("~/"). However, now that I'm using rewriting on many of my pages, if the number of folders in the URL is 2 or less (such as MyDomain.com/Title/Author), it finds the graphics files without any problems, like before. When I view page source, I see that the HTML is calling for relative URLs that start with "../../", which is why it works for 2 or less folders in the URL. When there are 3 or more folders (such as MyDomain.com/Title/Author/Category), then it doesn't display the graphics files.
why I'm getting these relative URLs and so the files are not displaying correctly at times?
Possible Duplicate: Absolute path & Relative Path
When to use absolute path, relative path and what is the difference between both?
I have developed a website and have always used relative positioning. I am now going to be writing a web application which will have a lot of text boxes / combo selections. My life would be a lot easier to use absolute positioning.
Would it be best to do it in relative or absolute for a web application. Basically I am taking a desktop app and rewriting it as an ASP.Net app.