Blogger :
MSDN Blogs
Category :
SAPscript
Blogged date : 2006 Mar 05
The HttpOnly attribute has been added to the session cookie (ASP.NET_SessionId by default) generated by ASP.NET 2.0. This value is hardcoded in the session state module and cannot be changed through a configuration setting. While this is documented as a breaking change in the breaking changes document (linked below), that document does not describe the symptoms you will see in your application, nor does it state the fix clearly.
Symptoms:
The general symptom is session loss after you perform some action via client-side script (JavaScript). The most common scenario is opening a new window or modal window from script, but an AJAX-style request issued from the client could cause the same problem.
The request from the new window will not contain the ASP.NET_SessionId cookie, and as a result a new, empty session is generated for that request. The error you will see with session loss is typically a NullReferenceException (from dereferencing a session value that is no longer there) logged to the event log, thanks to the ASP.NET 2.0 web events (health monitoring) feature that logs unhandled exceptions there by default, or to a custom log if you implement custom logging. Your symptoms may vary depending on what your code does, but because they follow from the behavior of the HttpOnly attribute, the repro steps should be fairly consistent. For example, if you redirect based on a session variable, your symptom will be a constant redirection loop.
Resolution:
You can add the following to your global.asax file to set the HttpOnly attribute to false for the ASP.NET_SessionId cookie. Session_Start is the right place because the session cookie has just been added to Response.Cookies at that point; note that the Response.Cookies indexer creates and appends an empty cookie if the name is not already present, so do not run this line on requests where the session cookie is not being issued:
void Session_Start(object sender, EventArgs e)
{
    // The session cookie was just added to the response by the session state module;
    // clear the HttpOnly flag that ASP.NET 2.0 always sets on it.
    Response.Cookies["ASP.NET_SessionId"].HttpOnly = false;
}
If you changed the cookie name via the cookieName attribute of <sessionState>, use that name instead. You could also roll this into a custom HttpModule to apply it across multiple applications if necessary.
Be aware of the trade-off: HttpOnly exists to keep the session ID out of reach of script (document.cookie), so clearing it means any cross-site scripting flaw in the application can read and exfiltrate the session ID. Before applying the workaround, confirm with an HTTP trace that the request from the script-opened window really lacks the cookie in the affected browser, and apply it only to the applications that need it.
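The HttpModule version suggested above, as an added example that is not code from the original post. It reads the configured session cookie name instead of hard-coding the default, avoids the Response.Cookies indexer side effect of creating an empty cookie, and is registered per application in web.config. The class name SessionCookieHttpOnlyModule and the registration name are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Configuration;

// Added example (not from the original post): an IHttpModule that clears the
// HttpOnly flag on the ASP.NET session cookie in every response that issues one,
// so the workaround can be shared across applications. Register it in web.config:
//   <system.web>
//     <httpModules>
//       <add name="SessionCookieHttpOnly" type="SessionCookieHttpOnlyModule" />
//     </httpModules>
//   </system.web>
// (class and registration names are assumptions made for this example)
public class SessionCookieHttpOnlyModule : IHttpModule
{
    // Default session cookie name in ASP.NET 2.0; overridden in Init if
    // <sessionState cookieName="..."/> is configured.
    private string _cookieName = "ASP.NET_SessionId";

    public void Init(HttpApplication app)
    {
        SessionStateSection section =
            WebConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection;
        if (section != null && !string.IsNullOrEmpty(section.CookieName))
        {
            _cookieName = section.CookieName;
        }

        // EndRequest runs for every request, including ones whose handler threw,
        // and before the response headers are sent (unless the page flushed them).
        app.EndRequest += OnEndRequest;
    }

    private void OnEndRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpCookieCollection cookies = app.Response.Cookies;

        // Do not index cookies[_cookieName] blindly: the Response.Cookies indexer
        // creates and appends an empty cookie when the name is absent, which would
        // emit a bogus Set-Cookie header on every response. Walk the keys instead.
        foreach (string name in cookies.AllKeys)
        {
            if (string.Equals(name, _cookieName, StringComparison.OrdinalIgnoreCase))
            {
                // Security trade-off: without HttpOnly the session ID is readable
                // through document.cookie, so any XSS flaw can steal the session.
                cookies[name].HttpOnly = false;
            }
        }
    }

    public void Dispose()
    {
        // Nothing to release; the event subscription dies with the application.
    }
}
```

In cookieless session mode no cookie is ever added, so the loop finds nothing and the module is a no-op. Because the module touches every response, keep it out of applications that do not exhibit the symptom; each one you add it to loses the script-access protection for its session ID.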
Link to breaking changes document:
http://msdn.microsoft.com/netframework/programming/breakingchanges/runtime/aspnet.aspx
Link to HttpOnly Attribute:
http://msdn2.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx
Special thanks to Shai Zohar for helping isolate the issue as well as testing the above solution.