Asked by:
How to prevent 302 error dropping the .ASPXFORMSAUTH Cookie

Question
-
User-1735313474 posted
I have a .Net 4.0 web app running Forms Authentication, running on IIS 7.5
<forms loginUrl="Default.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60000" slidingExpiration="true" cookieless="UseCookies" />
I have a strange issue where if I attempt to hit a page that has missing image it gives a 302 error but it overwrites my cookie and therefore causes session to drop. I cannot put my finger on where or how this is happening
example Request
GET /Lottery/media/LotteryMediaLibrary/IWG/Gold_Fish_Toon.jpg HTTP/1.1 Accept: */* Referer: http://lottery/Play-Online/Instant-Win-Games/1-Euro-Fish-for-Gold?subgameid=1000136 Accept-Language: en-GB User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E; BIZ!) Accept-Encoding: gzip, deflate Connection: Keep-Alive DNT: 1 Host: lottery Cookie: CMSPreferredCulture=en-IE; cookie_decision=true; CMSPreferredUICulture=en-gb; CMSCookieLevel=1000; VisitorStatus=21059204509; CMSSplitMode=0|ga-IE|Vertical|1; ASP.NET_SessionId=2khfudsvwzqpk421vdc1domd; .ASPXFORMSAUTH=F6FE2449DBD1CF7EDC144A8C8E36C4C59D9FFF9A7414EA2BC4201C39129BD7FA93D0CD8D8B7DE06AA4FDEA7DE37A1DE3D1954EC89486857865F9E87AF7F016B3E4C95896D0D3CD409E16569276CFC04E2928FA8C0246D48F0F2F4EE9076CC984EDF40CD8ABF8A37C408F0DF6C34FAB7C5ED8031476B2873FB6427BE26D9B2FE5C6783E9B5D0EA6BCFC7F58C1C2D4119E
Response Header
HTTP/1.1 302 Found Cache-Control: private Location: /Lottery/media/LotteryMediaLibrary/IWG/Gold_Fish_Toon.jpg Server: Microsoft-IIS/7.5 X-Frame-Options: SAMEORIGIN Set-Cookie: .ASPXFORMSAUTH=; expires=Mon, 11-Oct-1999 23:00:00 GMT; path=/; HttpOnly X-Powered-By: ASP.NET Date: Sat, 22 Nov 2014 16:29:29 GMT Content-Length: 174
I can see it is doing a Set-Cookie but cant workout how to either prevent this, or pass my current cookie backAny help is greatly appreciated.
Cheers,
CraigSaturday, November 22, 2014 11:36 AM
All replies
-
User753101303 posted
Hi,
Do you have some kind of processing in place for 404 errors? Where it is supposed to redirect?
I would have expected a 404 so for now it looks like there is some kind of custom handling for this "image not found" condition that would cause this issue as an unexpected consequence.
What happens if you are trying to reach the same image location directly by typing the path in your browser address bar?
Saturday, November 22, 2014 12:04 PM -
User-1151753377 posted
Hi Gambit,
About your issue, I think the links below maybe helpful for you, you could have a look at it.
http://support.microsoft.com/kb/910439
http://forums.asp.net/t/2021744.aspx?Session+Timeout+problem+in+asp+net+#5816386
Best Regards,
Summer
Thursday, November 27, 2014 4:02 AM -
User-1607019229 posted
Hi @Craig, I am facing the same issue. I wonder if you ever found a solution for this issue? This is a really annoying issue, I can see different references of it around internet but no solution. I would really appreciate if you have something to add in this regards.
Thursday, January 28, 2021 12:13 PM -
User-474980206 posted
the browser is asking for
http://lottery/Lottery/media/LotteryMediaLibrary/IWG/Gold_Fish_Toon.jpg
and redirect to the same url is returned with a deleted cookie. I assume it’s a different vdir than the calling page
http://lottery/Play-Online/Instant-Win-Games/1-Euro-Fish-for-Gold?subgameid=1000136
and it clears the cookie because it can not decode it. Both sites appear to set the cookie path to the root rather than their vdir.
Sunday, February 7, 2021 2:31 AM