CODEWITHSUNDEEP
webforms
S Nash
S Nash

Reputation: 2499

ASP.NET use of Session ID

I'm working with an old ASP.NET application which has lots of lousy code.

I have been mostly a winform developer and my knowledge of webforms is still limited.

However looking at code the way the developer tried to pass information to other pages sound invalid to me.

Here is a typical way he passes info from one page to other page:

Response.Redirect("ABC.aspx?SessionID=08F7DCF3D6984EC984F6580A4EC7E9C2&CID=" _
                    & e.Item.Cells(iColClientID).Text & "", True)

Then on other pages he uses Request.QueryString to get the data back:

Request.QueryString

My question is why in the world he needs to also pass a Hardcoded SessionID=08F7DCF3D6984EC984F6580A4EC7E9C2 in the query string.

Web.config shows :

<sessionState mode="InProc" cookieless="false" timeout="30"/>

So if session is using cookies why send session id?

To me code is written by an amature developer. Please provide your feedback.

Upvotes: 0

Views: 2874

Answers (1)

Icarus
Icarus

Reputation: 63956

Unless he uses the SessionID parameter for something else -some other obscure logic in there that relies on it being present in the QueryString-, there's no reason to put a SessionID in the query string at all. With or without cookies enabled how to get the SessionID should be transparent to you and it suffices to do:

var sessionID = Session.SessionID;

Some relevant documentation from MSDN regarding cookieless sessions (which is not the case here according to the Web.config you showed):

ASP.NET maintains cookieless session state by automatically inserting a unique session ID into the page's URL. For example, the following URL has been modified by ASP.NET to include the unique session ID lit3py55t21z5v55vlm25s55: http://www.example.com/(S(lit3py55t21z5v55vlm25s55))/orderform.aspx When ASP.NET sends a page to the browser, it modifies any links in the page that use an application-relative path by embedding a session ID value in the links. (Links with absolute paths are not modified.) Session state is maintained as long as the user clicks links that have been modified in this manner. However, if the client rewrites a URL that is supplied by the application, ASP.NET may not be able to resolve the session ID and associate the request with an existing session. In that case, a new session is started for the request.

Upvotes: 1

Related Questions