Reputation: 2385
ASP.NET MVC and using cookieless sessions
There seem to be conflicting opinions about ASP.NET MVC and cookieless sessions. Some people say MVC downright does not support, but others seem to be using MVC and cookieless sessions without any issues. If I create a test MVC project and enable cookieless sessions everything seems to work fine. Does anyone have a definitive and supported answer on the use of cookieless sessions with MVC, i.e. why or why not to use them?
Note: I am aware of the security implications of using cookieless sessions, but in my case and for internal applications the risk of other users stealing sessionId's is not too much of an issue.
Upvotes: 11
Views: 8540
Answers (1)
Reputation: 32818
The definitive answer was in the forums.asp.net post you linked to in your original question. Those answers came straight from the product team members themselves. Cookieless forms auth / cookieless session are deprecated technologies. Nothing the ASP.NET team has done in recent years (MVC, WebAPI, SignalR, Friendly URLs) supports it.
Things might work by happy accident, but this should not be misconstrued as an officially supported scenario. All bugs which have been filed regarding cookieless forms auth / cookieless session are automatically resolved "won't fix" by the product teams.
Upvotes: 12
Related Questions
- Create Cookie ASP.NET & MVC
- Disable Cookieless Session .Net MVC 5
- Using cookies to store session in ASP MVC
- Using cookie in asp.net mvc c#
- Cookieless Session
- Cookie management in ASP.NET MVC
- Session and form cookie authorization
- Session cookie persitance in ASP.NET MVC
- Cookies in ASP.NET MVC 2
- ASP.NET MVC authentication cookie