0

I am maintaining a classic asp site, whenever i make a JQuery/Ajax call like the code below, my ASP session is lost & I am logged out of the site. 

$().ready(function () {

$('#DeleteItem').click(function () {

    $.ajax({
        type: "POST",
        dataType: 'json',
        url: '/delete.asp?PartyId=550',
            success: function (response) {
                if(response.type == 'delete') {
                    alert('delete went ok');
                }
            },
            error: function (event, request, settings) {
               // alert('RESP:' + response + '  REQ: ' + request + ' SETTINGS' + settings);
            },
        });

    return false;
});

});

'delete.asp' contains a really basic check to make sure the login session is still valid

If Session("UserID") = "" Then Response.Redirect "/login/"

The UserID session is lost when accessing the page via jQuery/Ajax, but works fine when accessing the page directly.

kb.
  • 1,010
  • 3
  • 17
  • 34

2 Answers2

1

There are two ways the session is tracked within ASP.NET (or for that matter, almost every framework). The first option are cookies, and the usual fallback option is URL-Rewriting.

AJAX calls do not, by default resend the cookies or the url-parameters, so in both cases you will have to be proactive.

Handling the first option (cookies are activated):

Reading cookies in javascript is done like: (the source for this code is w3schools, why reinvent the wheel?)

function getCookie(c_name)
{
var i,x,y,ARRcookies=document.cookie.split(";");
for (i=0;i<ARRcookies.length;i++)
{
  x=ARRcookies[i].substr(0,ARRcookies[i].indexOf("="));
  y=ARRcookies[i].substr(ARRcookies[i].indexOf("=")+1);
  x=x.replace(/^\s+|\s+$/g,"");
  if (x==c_name)
    {
    return unescape(y);
    }
  }
}

This method has another problematic edge which may be important, the session-id-cookie can be renamed in ASP.NET. Retrieving the name programmatically is possible, hava a look at stackoverflow: get session cookie name and for reasons why you would do such a thing have a look at stackoverflow: Reason to rename ASP.NET Session Cookie Name.

The default name (which will probably work for you) is: 

ASP.NET_SessionId

Now, if getCookie didn't return anything, this doesn't mean the user is not logged in. //EDIT - ASP.NET doesn't use parameters... How did I miss the contraditory source?

Well, now we have the SessionID, all we have to do to make the AJAX request working is rewriting the SessionID into the URL.

var SessionID = getCookie('ASP.NET_SessionId');
var urlprefix = "./";
if(SessionID != undefined)
    urlprefix = "./(S(" + SessionID + ")/";
$.ajax({
        type: "POST",
        dataType: 'json',
        url: urlprefix + 'delete.asp',
            data: {"PartyId" : 550}
            success: function (response) {
                if(response.type == 'delete') {
                    alert('delete went ok');
                }
            },
            error: function (event, request, settings) {
               // alert('RESP:' + response + '  REQ: ' + request + ' SETTINGS' + settings);
            },
        });

Source: http://msdn.microsoft.com/en-us/library/ms178581.aspx

Community
  • 1
  • 1
Sebastian van Wickern
  • 1,699
  • 3
  • 15
  • 31
  • thanks for your detailed answer, but is'nt the end result here just passing the session along with the ajax call? I'd like to stop the ajax call killing the session in the first place! – kb. Mar 04 '13 at 14:50
  • Well, yes, the endresult is, you're passing the session id along, but there are acually alot of cases where nothing else is possible (iframes, for example), since you did not specify what the surrounding html looked like, I assumed this would be the knock-em-dead answer ;) – Sebastian van Wickern Mar 04 '13 at 18:41
0

Forget the above answer, the ajax code in my original post is fine, this code was surrounded by a jQuery dialog, which for whatever reason was causing the problem!

var r=confirm("Are you sure you want to delete this?");
if (r) {
// do the above ajax call here
}
kb.
  • 1,010
  • 3
  • 17
  • 34