2

We're currently having an issue with cookieless sessions in ASP.NET, according to the documentation on MSDN here when you use AutoDetect:

ASP.NET determines whether the requesting browser or device supports cookies. If the requesting browser or device supports cookies, AutoDetect uses cookies to persist user data; otherwise, an identifier is used in the query string. If the browser or device supports cookies, but cookies are currently disabled, cookies are still used by the requesting feature.

Notice the query string part! Now if it were indeed added to the URL like &sessionId=yoursessionidhere it's all fine but actually what I get are URLs like this: http://yourserver/folder/(session ID here)/default.aspx.

So my question is: How would I configure ASP.NET to use the querystring (as it claims) instead of this URL defacing method?

UPDATE:

I'm adding the config value we use in our web.config:

<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" cookieless="AutoDetect" timeout="20" />
IvanL
  • 2,475
  • 1
  • 26
  • 39
  • `&sessionId=yoursessionidhere` In this way session ID is not added to the URL as i know – Waqar Janjua Aug 08 '12 at 12:28
  • @WaqarJanjua: That's exactly what I said. The ID is added like `http://yourserver/(sessionid)/folder/resource.aspx` which we do not want for obvious reason that it defaces the clean URL. We want that the id is added in the querystring instead so that it is not so prominent. It's about keeping a clean URL. – IvanL Aug 08 '12 at 12:41
  • This is a good question (voted it up) Ill look into it! Are you using WebForm with Routing or MVC by the way or a mix? – Luke Baughan Aug 08 '12 at 12:46

1 Answers1

1

Reading this resource here http://forums.asp.net/t/1480365.aspx/1 do you have the cookieless="UseUri" setting in the web.config - try deleting that from what I gather it may help! Do let me know!

Additionally it would probably be worth posting your config block in the question.

Ive done some more digging and found this post which covers the request handling in the source code for MVC - using the session id in the URL for routing looks to be baked in pretty deep - see the excepted answer code blocks Possible Bug With ASP.NET MVC 3 Routing?

I'll keep looking for you but this one has me stumped! I think you need to get this question in front of someone like Hanselmann, Haack or Skeet.

Community
  • 1
  • 1
Luke Baughan
  • 4,658
  • 3
  • 31
  • 54
  • We don't have this in our config. I'll add our config to the post. – IvanL Aug 08 '12 at 15:40
  • Thanks for the headsup. I checked the information on the post and it makes sense. What doesn't make sense though is when our customer then decides to cut support for cookieless we set the setting to UseCookies but the cookieless URLs are still being accepted by our application. So now I'm looking for a way to make those URLs end in a 404. – IvanL Aug 09 '12 at 15:23
  • try cookieless="false" rather than UseCookies to prevent cookieless urls from working see this thread here http://forums.asp.net/t/1749701.aspx/1?Session+ID+in+URL – Luke Baughan Aug 09 '12 at 15:34