4

I have an ASP.NET 3.5 site written on top of Azure for which I'm trying to allow both authenticated and anonymous user profiles. The authenticated profiles work fine. But if I am not logged in, I see the .ASPXANONYMOUS cookie sent down with the profile information in a SetCookie directive. If I then close the browser session and start up again, I see a SetCookie directive sent down from the server right away, setting the .ASPXANONYMOUS cookie to a new value:

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=dTJEJCr...; expires=Fri, 12-Mar-2010 21:22:38 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Wed, 10 Feb 2010 21:22:41 GMT
Content-Length: 3146

thus the profile information is lost between sessions. I don't understand why this is happening - I would think that preserving the cookie value would be the whole point. My web.config has this:

  <!--  We allow anonymous users to have a profile using ASP.Net anonymous profiles -->
    <anonymousIdentification 
            enabled="true" 
            cookieless="UseDeviceProfile"
            cookieName=".ASPXANONYMOUS"
            cookieTimeout="43200"
            />

Any ideas on what I need to do to preserve the cookie across sessions to allow proper anonymous profiles?

Mike Kelly
  • 969
  • 1
  • 12
  • 23
  • 1
    Hmmm... testing this a bit more, discovered this behavior ONLY happens when I'm running on 127.0.0.1 from VS, i.e. in development fabric. It works correctly on the cloud fabric. Annoying since I spent a bunch of time "debugging" something that doesn't happen in production. I'd still like to understand why this is happening in development fabric. Thanks. – Mike Kelly Feb 10 '10 at 23:38
  • Your discovery of 127.0.0.1 sounds like my question: http://stackoverflow.com/questions/4226568/why-do-entries-in-the-host-file-create-new-sessionids-for-each-request (Why do entries in the host file create new SessionIDs for each request). I suspect a accepted answer to one question would also solve the other. I'm on WinXP, what platform are you developing on? – PhillFox Dec 01 '10 at 18:15

2 Answers2

1

I realize that after 9 months that the poster has probably moved on. I also realize that the answer I'm about to provide is more of a work-around than a solution. I also haven't done any Azure development and I could be completely off base; however, unanswered questions bug me - so here is what I've found.

If you use your real IP, rather than 127.0.0.1, your SessionID is retained across requests.

PhillFox
  • 839
  • 6
  • 16
0

I can confirm PhillFox's comment

When using formsauthentication the ASP.NET_SessionID cookie var creates the value in the session so that subsequent requests can persist between postbacks.

I checked everything, the reason this was not happening for me was precisely because I was referring to 127.0.0.1, as soon as I changed this to the valid IP address the cookie ASP.NET_SessionID and ASPXANONYMOUS persisted.

Andre Pageot
  • 336
  • 1
  • 6