locked
Sessionstate not workig anymore on IE/Edge RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1347185096 posted

    Since years I am running a view asp.net websites without any problems. Since a few days, some customers using IE or Edge browser report login problems.

    I found the reason for this on my computer. The Edge default setting for cookies is now "block all cookies".

    Therefore the webshop cannot login an users on Edge because the session state will not be on a logged-in status.

    I found some help and I added this line to web.config:

      <system.web>
    <sessionState cookieSameSite="None" cookieless="true" timeout="360"/>
        <compilation debug="true" targetFramework="4.7.2">

    Now it  is working but I have the session included in the URL :-(

    https://ecommerce.fr-buero.de/(S(pi4mduiu1r1xbubxnm0rersu))/qseek_SQLsort.aspx

    It has worked in the past without any Problems...

    Can anyone help me to fix this topic? I need to have the session in the webhop to store some userdata within the session.

    Thursday, December 19, 2019 2:25 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User753101303 posted

    Hi,

    This is because of 

    cookieless="true"

    which causes the session id value to be transmitted as part of the url rather than as a cookie.

    Show maybe rather the sessionState settings that doesn't work ? I would expect most if not all browsers to block persistent cookies but to allow temporary cookies (deleted when the browser is closed). Or could it be a "cookie same site" change (you are using form authentication ? you are consistent in using either www.site.com or site.com but not both ???)

    Edit: or as it seems you are using the session state to hold the "login state" you rolled your own authentication mechanism ???

    Thursday, December 19, 2019 5:19 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-719153870 posted

    Hi Joachim_Siebert,

    Now it  is working but I have the session included in the URL :-(

    It's the SessionID in your url, please check this Cookieless SessionIDs and you will see:

    ASP.NET maintains cookieless session state by automatically inserting a unique session ID into the page's URL. 

    This means you can put this SessionID either in the cookie or in your url, you can choose only one and only one option of these two. You can refer to hide session id from url.

    My suggestion is that if you don't want to change the url then suggest your custom to set "don't block cookies" in there browsers.

    Best Regard,

    Yang Shen

    Friday, December 20, 2019 2:35 AM