Reputation: 605
Prevent session id from appearing in browser address bar in asp.net
I have an asp.net application that obviously uses cookieless session. All he pages displays the session id as part of the URI. I would like to change this. This application was originally built with asp.net 1.1 and has now been converted to asp.net 4.0 with the conversion wizard.
I added the SessionState tag under system.web in order to enforce "cookieless=false". This change has no effect. Can someone tell me where i should be looking?
many thanks in advance
BM
Upvotes: 0
Views: 4579
Answers (2)
Reputation: 3101
The default is to use cookie session. So just create a new project and copy the session state from the web.config to make sure that it is clean.
Upvotes: 0
Reputation: 18290
Change cookieless to "UseCookies" to have the session stored inside a cookie. Otherwise the session is embedded into the URL.
Here's more information from the MSDN Site
If you have set cookieless to false in your web.config file and it is still showing the sessionid in url, it means the browser has cookies disabled. Check the browser setting and enable the browser to accept cookies.
There is no way to hide the sessionid if cookies are disabled for a browser.
But there is some work around here:
Hide Session Id in URL
Upvotes: 1
Related Questions
- Removing ASP.NET_SessionId from an ASP.NET application
- Make ASP.NET_SessionId cookie not httpOnly
- How to hide the ASP.NET_SessionID cookie string in asp.net webform?
- How can I remove the ASP.NET Session ID from my URL?
- how to maintain session.sessionId in asp.net without displaying sessionId in url
- ASP.NET SessionID In URL
- How to display session id in ASP page (without vulnerablity)
- Remove Session from URL String
- Hidden session Id in MVC Master Page
- Asp.net cookieless sessionId url location