locked
ASP.NET_SessionID cookie is present on a get request RRS feed

  • Question

  • User732828422 posted

    if i use the following code to retrieve the value of the cookie ASP.NET_SessionID after a get request, i see that it is available.

                if (Request.Cookies["ASP.NET_SessionId"] != null)
                {
                    Response.Write("ASP.NET_SessionId cookie value: " + Request.Cookies["ASP.NET_SessionId"].Value + "<br/>");
                }
    

    how is this possible if the page is loading for the first time? I also used firebug to be sure, and there was no request header with a cookie. If i use the following code i get the right behavior.

                if (Request.Headers["Cookie"] != null)
                {
                    Response.Write("ASP.NET_SessionId header cookie: " + Request.Headers["Cookie"].ToString() + "<br/>");
                }

    So, in the first case, from where the cookie is being retrieved? It is a bit confusing to use the method Request.Cookies if the values of the respective cookies are not retrieved from the client side.

    Thursday, August 27, 2015 3:13 PM

Answers

  • User-219423983 posted

    Hi ileve,

    Welcome to ASP.NET Forums.

    how is this possible if the page is loading for the first time? I also used firebug to be sure, and there was no request header with a cookie. If i use the following code i get the right behavior.

    I have created a demo based on your code and I found I couldn’t get the value in my first request, when I refresh the page or request it second time, I could get the value. About you use the code to get the values, did you clean all the cookies in your browser after you use the firebug to debug the page? If not, when you use the code to test, that would be the same session and the cookies has been added when you debug it at the first time.

    So, in the first case, from where the cookie is being retrieved?

    About the cookie “ASP.NET_SessionId”, you’d better take a look at the following link, it explains you why you couldn’t see the cookie in the first Request header. In the first request, you could see the value in “Set-Cookie” in the Response header. When a user first opens their Web browser and then goes to a Web site that implements ASP.NET session state, a cookie is sent to the browser with the name "ASP.NET_SessionId" and a 20-character value. So you could get the value in the first case.

    http://www.codeproject.com/Articles/5892/Session-Management-in-ASP-NET

    https://support.microsoft.com/en-us/kb/899918

    I hope it’s useful to you.

    Best Regard,

    Weibo Zhang

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, August 28, 2015 12:51 PM