0

I have an ASP.NET MVC application which is hosted in a web server. It is configured to use Web Garden using StateServer.

ASP.NET State service is hosted in the same server where ASP.NET MVC application is.

In application's web.config file I have set below configuration:

<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" timeout="360" />

I have not set cookieless="false" in the session state. Also I have not set any Machine key.

Do I need to set cookieless="false" and machine key in a single hosting server?

What is the purpose of setting cookieless="false" and machine key? What is the difference between using them or not?

Willy
  • 9,848
  • 22
  • 141
  • 284
  • The cookieless specifies whether sessions without cookies should be used to identify client sessions. If the property value is false, then it Indicates that sessions without cookies should not be used and the default is false.The machine key is used to encrypt and decrypt form authentication cookies and session state cookies. This encryption prevents tempering of sessions in the server. you need to set them base on your requirement and not a single hosting server. – samwu Oct 28 '20 at 03:39
  • @samwu So I understand that if I do not specify any cookieless parameter (my case) then by default it is automatically set to false. Also, If I do not use a machine key, Could sessions be lost randomly? and what do you mean by "and not a single hosting server"? I am using web garden with only one server (asp.net state service is in the same server). – Willy Oct 28 '20 at 08:38
  • Whether to use machine key will not cause session loss. didn’t you mention above whether you need to set cookieless="false" and machine key in the single hosting server. – samwu Oct 30 '20 at 09:05

0 Answers0