0

i have a aspx page see: 

<%@ Page Language="C#" %>
<%

    HttpContext.Current.Session["UserID"] = "ABC1";
    Response.Write(HttpContext.Current.Session["UserID"].ToString());

%>
<script>
    var parameters = { OpenURL: "test.pdf", java_arguments: "-Xmx256m" };
  var attributes = {archive:"webviewerS.jar,jPDFViewerS.jar", code:"qoppa.webViewer.PDFWebViewer", width:"100%", Height:"95%"};
  var version = "1.6.0";

  deployJava.runApplet(attributes, parameters, version);
</script>

The page load and created a session variable, and i also added a custom httphandler to handle the http request of pdf, every user type the path with .pdf will run the class

response.Cookies["UserID"].HttpOnly = false;
if (HttpContext.Current.Session["UserID"] != null)
{

        response.ContentType = "application/pdf";
        response.WriteFile(request.PhysicalPath);

}
else
{
    response.Write("access denied");
}

The main objective of this script to test is it possible to view the pdf only by using the java applet within that aspx page. But finally,

var parameters = { OpenURL: "test.pdf", java_arguments: "-Xmx256m" };

the java applet request to load the pdf, but it seems the session could not be detected at httphandler, but the above code is successful if i directly type the .pdf path after i loaded the .aspx page.

If the applet request the pdf file, the result of the seesion["UserID"] will be null, why it can't detect the session value?

hkguile
  • 4,235
  • 17
  • 68
  • 139

1 Answers1

0

Have you tried using something like Fiddler or Charles to see the applet request going back from the browser to the server?

There will normally be a cookie called ASP.NET_SessionId or possibly a querystring parameter called sessionId to maintain the session depending on the server configuration.

From ASP.NET Session State Overview

By default, SessionID values are stored in a cookie. However, you can also configure the application to store SessionID values in the URL for a "cookieless" session.

The Java applet probably doesn't include this in the request and so the server thinks it's a different session.

Dave Anderson
  • 11,836
  • 3
  • 58
  • 79