RE: Website is not setting Session cookie for asp.net_sessionid

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Peter Bromberg [C# MVP] <pbromberg@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 12 Aug 2007 14:32:00 -0700

I think this is by design - the Session doesn't "Bake" until a Session item
has actually been set (in ASP.NET 2.0).
-- Peter
Recursion: see Recursion
site: http://www.eggheadcafe.com
unBlog: http://petesbloggerama.blogspot.com
BlogMetaFinder: http://www.blogmetafinder.com

"SevDer" wrote:

Hi,

I've done some coding in my web application however right now for an unknown
reason my asp.net 2.0 site is not setting asp.net_sessionid cookie and as a
result, I am losing the session data in each page refresh or redirect.

I really do not have any coding against how the session works.
And I have not changed any setting in IIS.

I even compared the 2 code(old and new) bases and didn't see anything funny
which will
cause this.

This truly drives me crazy right now.

Other notes: I've tried this on 3 different machines and it makes the same
behavior on all of them. (old code fine, new code bad)

But I want to repeat again, I am not doing anything related to actual
session

And a final note: After reviewing alot, I realized that before I use the
session object at least once, application does not set "asp.net_sessionid"
cookie.
When I set a dummy variable at least once, it works and sets
"asp.net_sessionid" cookie. However this is still a problem as setting works
after viewing the page for the first time.
As a result cookie is still not availble in the first load but valid
afterwards.

Can someone tell me why my asp.net 2.0 app is not setting this cookie by
default? Am I doing something wrong?

I have the following in my web.config
assemblies:
<add assembly="Microsoft.VisualBasic, Version=8.0.0.0,
Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.DirectoryServices, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Management, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.ReportViewer.WebForms, Version=8.0.0.0,
Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.ReportViewer.Common, Version=8.0.0.0,
Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="ADODB, Version=7.0.3300.0, Culture=neutral,
PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="Microsoft.ReportViewer.ProcessingObjectModel,
Version=8.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Data.OracleClient, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Windows.Forms, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="Microsoft.Build.Utilities, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="Microsoft.Build.Framework, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
http handler:
<add path="Reserved.ReportViewerWebControl.axd" verb="*"
type="Microsoft.Reporting.WebForms.HttpHandler,
Microsoft.ReportViewer.WebForms, Version=8.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" validate="false" />

Follow-Ups:
- RE: Website is not setting Session cookie for asp.net_sessionid
  - From: Steven Cheng[MSFT]

References:
- Website is not setting Session cookie for asp.net_sessionid
  - From: SevDer

Prev by Date: Empty Toolbox in Visual Studio 2005.
Next by Date: System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
Previous by thread: Website is not setting Session cookie for asp.net_sessionid
Next by thread: RE: Website is not setting Session cookie for asp.net_sessionid
Index(es):
- Date
- Thread

Relevant Pages

Re: Sessions vs Cookies
... There is a session cookie which simply allows the server to identify the client and retrieve relevant session data for it. ... If cookies can be read or forged, it makes little odds whether you have the master key or all the little keys,. ... Suppose you only send the PHPSESSID: Now you cannot change a thing on the server, even if you have the 'master key'. ...
(comp.lang.php)
Re: session wont timeout
... Maybe this is a session cookie issue? ... client browser there is this one: WSS_KeepSessionAuthenticated Expires: At ... If I kill the session cookie using IE Developer Toolbar, ... possible and IIS would throw another challenge. ...
(microsoft.public.sharepoint.windowsservices)
Re: Is it safe to store user_id in Session?
... What I was wondering is how safe it is to store user_id or username or ... session so I do not need to search the database all the time. ... OVERRIDING BASIC SESSION COOKIE AUTHENTICATION ... So what is described in the article only works for bad php scripts. ...
(comp.lang.php)
Chicken and egg issue with Cookie based login?
... I have few questions I hope someone can clear up for me with the cookie ... private web server. ... It also says this about the secret key: ... Second, would be an example of the "Session ID" or more general, what is an ...
(comp.security.misc)
Re: [PHP] Question about authenticating people...
... Would I be better to store that in a cookie rather then a session variable? ... The search variable is not sensitive data, there's no need to keep it on the server so it's an ideal candidate for a cookie. ... Also bear in mind that the client can change the contents of a cookie at any time so you need to re-validate them on every page request. ... If you need to verify the contents of a cookie from request to request you can a) encrypt it, or b) add a checksum to it. ...
(php.general)