I have an Umbraco 9.4.3 site (.NET5.0) which is using Session state, as configured by Umbraco. The app starts normally then writes a value to Session state in a controller method, which causes a Session cookie to be created.
public override IActionResult Index()
{
HttpContext.Session.SetString("test", "abc");
return ...;
}
While that cookie exists, any subsequent request to the site causes it to crash. The last entry in the Umbraco log is the following:
{
"@t": "2022-05-19T08:23:40.7534511Z",
"@mt": "Performing unprotect operation to key {KeyId:B} with purposes {Purposes}.",
"@r": [
"{c3e6bbb0-206d-4708-a9ab-ddfbfc117976}"
],
"@l": "Verbose",
"KeyId": "c3e6bbb0-206d-4708-a9ab-ddfbfc117976",
"Purposes": "('C:\\src\\websites-myapp-umbraco\\MyApp.Umbraco.Web', 'SessionMiddleware')",
"EventId": {
"Id": 5,
"Name": "PerformingUnprotectOperationToKeyWithPurposes"
},
"SourceContext": "Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector",
"RequestId": "8000000e-0000-f800-b63f-84710c7967bb",
"RequestPath": "/",
"ProcessId": 28188,
"ProcessName": "iisexpress",
"ThreadId": 16,
"AppDomainId": 1,
"AppDomainAppId": "88a8c25dd56eba55a0d1e3793780cc946fd9e0fd",
"MachineName": "IT08761",
"Log4NetLevel": "ALL ",
"HttpRequestId": "2f3fb967-5aeb-4b13-adb6-12bb6ed89218",
"HttpRequestNumber": 2,
"HttpSessionId": "0"
}
This suggests that SessionMiddleware for some reason is failing to decrypt the session cookie, even though it has previously succeeded in encrypting the session Id value.
I have created a clean site using the Umbraco VS project template which configures its pipeline in the same way as the app in question and have tried to reproduce the error in it, without success. I have compared the two sites and from a code and configuration point of view, they are substantially the same. There must be some difference between them, but I can't see it.
Can anyone cast any light on this please? Could there be an encryption key missing or inaccessible which is causing the failure?
