Reputation: 2027
Losing session data in ASP.NET
I moved an ASP.NET site running on a server with .NET 1.1 to another server running with .NET 2.0.
In one of the pages I have the following code to detect an expired session:
protected void Page_Init(object sender, System.EventArgs e) {
if ( Session["XBCPEmail"] == null ) {
Response.Redirect("signin.aspx?expired=yes");
return;
}
}
(Session["XBCPEmail"] == null) is resolving as true (as if the session had expired) in one unexpected case, after clicking one of the buttons of the page. It happens with only one of the buttons. Just like other buttons in the same page, the button event handler ends with this code redirecting to the same page:
Response.Redirect("cpanel.aspx");
I checked and at the time of Response.Redirect("cpanel.aspx"); the value of (string)Session["XBCPEmail"] is a valid string, so I'm not sure what can happen between the Response.Redirect and the Page_Init that could be making the Session["XBCPEmail"] become null.
Which could make a Session variable in .NET 2.0 become null? This code does not have that issue in 1.1 and, even in 2.0, it only affects one button on the page.
UPDATE: The issue only occurs if the button event handler calls an external .exe program, with the code below. If this code is commented out, the Session variable is not null. How can the creation of an external process to run a command line program have any impact on if a Session variable is null or not?
private string CallBridge3(string task, string arg1, string arg2, string arg3) {
Process process = new Process();
process.StartInfo.FileName = MapPath("bridgefcp.exe");
process.StartInfo.Arguments = "-" + task + " \"" + arg1 + "\" \"" + arg2 + "\" \"" + arg3 + "\"";
process.StartInfo.RedirectStandardOutput = true;
process.StartInfo.UseShellExecute = false;
process.Start();
string output = process.StandardOutput.ReadToEnd();
process.WaitForExit();
return output;
}
UPDATE 2: The problem has vanished after installing .NET 4.5 on the Windows 2008 R2 with IIS 7.5 machine, instead of using the one that came by default, which was .NET 2.0.
Upvotes: 7
Views: 37614
Answers (9)
Reputation: 1821
For MVC, make sure the web.config has below configuration.
<httpCookies httpOnlyCookies="true" requireSSL="false" />
in <system.web> section
Upvotes: 1
Reputation: 886
I was facing the same issue and tried every option mentioned in the above answers. Finally found that the issue was that we had marked session cookie as secure in our project but were running it with http If the server has not been setup for SSL and you try to mark the cookie secure, a new session will be generated for each request. So finally enabling back https fixed it for me.
Upvotes: 2
Reputation: 11
<httpCookies requireSSL="false" />
Removing this from the local web.config worked for me. The issue was only happening when running the app locally.
- Removed the setting from web.config
- Added it to the web.staging.config and web.production.config
Upvotes: 1
Reputation: 755
I encountered this problem when setting the Session variable before a redirect. I had enableSessionState="ReadOnly" in Web.config. It happens because the session does not exists and the redirect happens before the client can set the session cookie.
My solution was to set a dummy Session variable in the previous page load (login page in my case).
protected void Page_Load(object sender, EventArgs e)
{
// Put this in master page or login page
Session["createSession"] = true; /* ensure there's a cookie for session */
}
Upvotes: 1
Reputation: 11
Just go to your web.config file and edit your sessionstate tag. Set requiressl to false from true.
Upvotes: 1
Reputation: 62
You need to update web.config as mention below :
<httpCookies requireSSL="false" />
Upvotes: 2
Reputation: 129
Check your web.config, maybe you have this tag
<httpCookies requireSSL="true" />
If it so, remove it.
Upvotes: 12
Reputation: 2078
I believe your session in the web.config is being reset (getting a new SessionID for each postback)
You could try to debug this by putting the SessionID somewhere on the page (for testing) with
HttpContext.Current.Session.SessionID
This did happen on one of my websites and all i had to do was go into IIS and resave the SessionState Panel
Upvotes: 1
Reputation: 16898
By default Response.Redirect terminates thread execution and there might be a race conditions in setting session variables. It is described in article Don't redirect after setting a Session variable (or do it right), so try to use another, less violent version:
Response.Redirect("cpanel.aspx", false);
Upvotes: 12
Related Questions
- ASP.NET C# Session Variables Being Lost
- Problems with Session losing its data in .Net
- Losing session values
- ASP.Net Session data lost between pages
- Losing session in ASP.NET C#
- Session variable loses value in asp.net application
- Losing ASP session variables, or so I think
- ASP.NET Session Abandoning Unexpectantly
- session value lost in asp.net in c#
- asp.net: when is the data from session getting lost