RE: Session not set.



On the other thread, you have an answer about this problem:

Session["loggedIn"] = true;
Response.Redirect("redirectedPage.aspx");

If so, it will never work properly, as the session cookie is never set. In
order to set it, you have to send info to the client. The redirect bombs that.

I do not, however, think that this is your problem, as you state the app
works on one box. This means there is something different in configuration
between the servers. You can search high and low, but your architecture is
also a problem.

Checking Session("var") for login is an ASP model, not ASPX. It is not wise
to keep this sort of architecture in ASP.NET. The proper model is to set up a
Principal object and use it for Identity. If the current ASP.NET mechanism
does not work for you, you will have to set up a custom provider.

In ASP.NET, the correct model is to set up a form and use Forms
authentication. If you TRULY want cookieless (setting session vars is not
cookieless, BTW), you set a value in the config file and allow it to add
session ID to the URL. In most cases, turning off cookies does not turn off
session cookies (difference between user and server cookies), so there is
little danger, but you can allow the munging.

The benefit of this system is you can follow the .NET model 100% and allow
the Framework to handle your authentication needs, rather than rewrite
ASP.NET to look like ASP.

---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
"ywz" wrote:

> Hi All,
>
>
> I built a web application using cookieless session. It merely checks
> for the session variable value upon login. This method works fine on
> the host pc.
> However, when I try to access the application via another pc in the
> network, the login page redirects to itself even though the correct
> passwd and username is entered. I did a response.write and realise that
> the value of the session variable is not set. How can I solve this
> prob?
>
>
> Any Help is greatly appreciated.
> Tks...ywz
>
>
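
An added example, not part of the original thread or written by either poster: a web.config sketch of the model the reply describes, with Forms authentication carrying the login state and the config-file switch that puts the session ID in the URL. It assumes ASP.NET 2.0 or later (for the `cookieless` attribute on `<forms>`); the page name login.aspx and the timeout values are hypothetical.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>

    <!-- Login state lives in an encrypted, signed Forms authentication
         ticket instead of a Session["loggedIn"] flag. In the login page's
         code-behind, FormsAuthentication.RedirectFromLoginPage(userName, false)
         issues the ticket and performs the redirect in one call. -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx"
             protection="All"
             timeout="20"
             slidingExpiration="true"
             cookieless="UseCookies" />
    </authentication>

    <!-- Anonymous users ("?") are sent to loginUrl; the login page itself
         stays reachable without a ticket. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- cookieless="true" embeds the session ID in the URL path as an
         (S(...)) segment. A URL-borne ID ends up in browser history, proxy
         logs and Referer headers, so nothing in Session should decide who
         is logged in; that decision stays with the ticket above.
         regenerateExpiredSessionId="true" issues a fresh ID when a request
         arrives with an expired one, so an old bookmarked or shared URL
         does not revive a previous ID. -->
    <sessionState mode="InProc"
                  cookieless="true"
                  regenerateExpiredSessionId="true"
                  timeout="20" />

  </system.web>
</configuration>
```

With this in place, pages read the caller from `Context.User.Identity` rather than from a session variable.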